Bugtraq mailing list archives

Re: Samba Remote Zero-Day Exploit

From: paul.szabo () sydney edu au
Date: Sat, 6 Feb 2010 11:04:46 +1100

Dear Kingcope,

Turning off symlink support in samba closes the hole but then no
access to symlinks created by the administrator is possible ...


Correct.

Maybe what you want is for Samba to add and support an option like
"allow create symlink" (with default "no"). I myself do not think it
would be useful... would surely be a few lines of code only, so if you
want to submit a patch to the Samba team... or just patch your own
servers (as I do, see http://www.maths.usyd.edu.au/u/psz/samba/).

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Current thread:

Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- Re: Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- <Possible follow-ups>
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
  - Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller (Feb 08)
  - Re: Samba Remote Zero-Day Exploit Kingcope (Feb 08)
    - Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
  - RE: Samba Remote Zero-Day Exploit David Jacoby (Feb 09)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
  - Message not available
    - Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 08)
    - RE: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 08)
    - Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 09)
    - RE: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 09)
    - Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 08)
    - Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 08)
    - Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 08)

(Thread continues...)