[Bug 1701073] Re: CVE-2017-2619 regression breaks symlinks to directories
Dariusz Gadomski
1701073 at bugs.launchpad.net
Mon Jul 3 15:54:41 UTC 2017
Andreas, Marc - I think the case Dave described is not fully covered by
the fix.
There is a config still failing: if the share is based at / (so all
symlinks in the filesystem should be local to the share) with "wide
links = no" no symlinks are accessible. According to my tests this
affects both: file and directory symlinks).
Test case:
# server
[rootshare]
path = /
wide links = no
follow symlinks = yes
browseable = yes
read only = no
guest ok = yes
mkdir -p /tmp/test
ln -s /tmp/test /tmp/testlink
# client
smbclient -m smb3 //server/rootshare
cd /tmp/testlink
dir
NT_STATUS_ACCESS_DENIED listing \tmp\testlink\*
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1701073
Title:
CVE-2017-2619 regression breaks symlinks to directories
Status in samba:
Unknown
Status in samba package in Ubuntu:
In Progress
Status in samba source package in Xenial:
In Progress
Status in samba source package in Yakkety:
In Progress
Status in samba source package in Zesty:
In Progress
Bug description:
Found in current version in Xenial (4.3.11+dfsg-0ubuntu0.16.04.7).
When share's path is '/', symlinks do not work properly from Windows
client. Gives "Cannot Access" error.
To reproduce:
1. Install samba and related dependencies
apt install -y samba
2. Add a share at the end of the default file that uses '/' as the
path:
[reproducer]
comment = share
browseable = no
writeable = yes
create mode = 0600
directory mode = 0700
path = /
3. Attempt to access a symlink somewhere within the path of the share
with a Windows client.
4. Receive "Windows cannot access..." related error
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1701073/+subscriptions
More information about the foundations-bugs
mailing list