|
Full Disclosure
mailing list archives
Re: Samba Remote Zero-Day Exploit
From: paul.szabo () sydney edu au
Date: Sat, 6 Feb 2010 11:04:46 +1100
Dear Kingcope,
Turning off symlink support in samba closes the hole but then no
access to symlinks created by the administrator is possible ...
Correct.
Maybe what you want is for Samba to add and support an option like
"allow create symlink" (with default "no"). I myself do not think it
would be useful... would surely be a few lines of code only, so if you
want to submit a patch to the Samba team... or just patch your own
servers (as I do, see http://www.maths.usyd.edu.au/u/psz/samba/).
Cheers, Paul
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Samba Remote Zero-Day Exploit Thierry Zoller (Feb 06)
(Thread continues...)
|
