On Mon, 2006-08-21 at 11:12 -0700, Jeremy Allison wrote: > > 3. If I do this change for our customers, is there any security issue > > here that I haven't thought about? > > Yes, it's a security hole (IMHO). It completely bypasses > security for a path. There might be things an attacker > could do with this (don't have time right now to think > up evil scenarious but I'm sure there are some :-).
An easy example is accessing other users home directories where the user target has a 700 permission on his home directory specifically set to keep out other users. It is a common scenario on unix environments. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
