ClearOS Bug Tracker

View Issue Details
ID: 0000023
Project: ClearOS
Category: app-samba - Windows Networking
View Status: public
Date Submitted: 2010-02-05 10:52
Last Update: 2010-02-22 16:47
Assigned To: jterpstra
Platform:
OS:
OS Version:
Product Version: 5.1
Target Version:
Fixed in Version: 5.1
Summary: 0000023: Default configuration for "wide links"...
Description:
The "wide links" parameter is enabled by default. This can be used to view and potentially change files anywhere on the system via symlinks. In ClearOS, this wouldn't get a user very far (in fact, no further than they would if they had shell access enabled). Regardless, this is still an information leak.
Here is the announcement from the Samba team: [^]

And here is the "wide links" entry in the smb.conf man page:

 wide links (S)

     This parameter controls whether or not links in the UNIX file system may be
     followed by the server. Links that point to areas within the directory tree
     exported by the server are always allowed; this parameter controls access only to
     areas that are outside the directory tree being exported.

     Note that setting this parameter can have a negative effect on your server
     performance due to the extra system calls that Samba has to do in order to
     perform the link checks.
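
Added example (not part of the ClearOS report or its fix): a small Python audit that reads smb.conf text and reports, per share, whether "wide links" is effectively on, so shares that would follow symlinks out of the exported tree can be listed. The enabled-when-unset default is taken from the description above; the function names and both sample configurations are constructed for illustration.

```python
import re

# Assumption from the issue text: an unset "wide links" means enabled.
DEFAULT_WIDE_LINKS = True
TRUE_WORDS = {"yes", "true", "on", "1"}
FALSE_WORDS = {"no", "false", "off", "0"}

def effective_wide_links(conf_text, default=DEFAULT_WIDE_LINKS):
    """Return {share: bool}: the effective 'wide links' value for each share.

    Scope: one file, no 'include' or 'copy' handling, no line continuations.
    """
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                               # section names ignore case
            section = header.group(1).strip().lower()
            settings.setdefault(section, None)
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # smb.conf ignores case and whitespace inside parameter names
        if re.sub(r"\s+", "", key).lower() != "widelinks":
            continue
        word = value.strip().lower()
        if word not in TRUE_WORDS | FALSE_WORDS:
            raise ValueError(f"bad boolean for wide links in [{section}]: {value!r}")
        settings[section] = word in TRUE_WORDS
    global_value = settings.pop("global", None)  # [global] sets the share default
    if global_value is None:
        global_value = default
    return {s: global_value if v is None else v for s, v in settings.items()}

def exposed_shares(conf_text, default=DEFAULT_WIDE_LINKS):
    """Names of shares where links leaving the exported tree are followed."""
    return sorted(s for s, on in effective_wide_links(conf_text, default).items() if on)

# Constructed sample: nothing set anywhere, so every share inherits the default.
SAMPLE_UNSET = "[global]\n workgroup = EXAMPLE\n[homes]\n read only = no\n[shared]\n path = /srv/shared\n"
# Constructed sample: disabled globally, but one share turns it back on.
SAMPLE_OVERRIDE = "[global]\n wide links = no\n[homes]\n read only = no\n[legacy]\n ; old share\n Wide Links = Yes\n"

if __name__ == "__main__":
    print(exposed_shares(SAMPLE_UNSET))     # shares inheriting the default
    print(exposed_shares(SAMPLE_OVERRIDE))  # shares that override [global]
```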

Tags: No tags attached.
Attached Files:

Relationships

Notes
2010-02-05 10:54

Errata update CCSA-2010:024 - [^]
2010-02-22 16:46

Source Code Changelog
- Changed "wide links" parameter [fixed issue 0000023]

File Changes
U legacy/modules/branches/5.1/app-samba-api/upgrade

Issue History
Date Modified Username Field Change
2010-02-05 10:52 user2 New Issue
2010-02-05 10:52 user2 Assigned To => jterpstra
2010-02-05 10:52 user2 Status new => assigned
2010-02-05 10:54 user2 Note Added: 0000024
2010-02-05 10:54 user2 Status assigned => resolved
2010-02-05 10:54 user2 Fixed in Version => 5.1
2010-02-05 10:54 user2 Resolution open => fixed
2010-02-05 14:06 user2 Description Updated
2010-02-05 14:07 user2 View Status private => public
2010-02-07 17:29 user2 Status resolved => closed
2010-02-22 16:46 user2 Checkin
2010-02-22 16:46 user2 Note Added: 0000037
2010-02-22 16:46 user2 Status closed => resolved
2010-02-22 16:47 user2 Status resolved => closed