Anonymous | Login | 2024-12-21 18:14 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000023 | ClearOS | app-samba - Windows Networking | public | 2010-02-05 10:52 | 2010-02-22 16:47 | ||||
Reporter | user2 | ||||||||
Assigned To | jterpstra | ||||||||
Priority | immediate | Severity | major | Reproducibility | always | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 5.1 | ||||||||
Target Version | Fixed in Version | 5.1 | |||||||
Summary | 0000023: Default configuration for "wide links"... | ||||||||
Description | The "wide links" parameter is enabled by default. This can be used to view and potentially change files anywhere on the system via symlinks. In ClearOS, this wouldn't get a user very far (in fact, no further than they would if they had shell access enabled). Regardless, this is still an information leak. Here is the announcement from the Samba team: http://lists.samba.org/archive/samba-technical/2010-February/069183.html [^] And here is the "wide links" entry in the smb.conf man page: wide links (S) This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the server are always allowed; this parameter controls access only to areas that are outside the directory tree being exported. Note that setting this parameter can have a negative effect on your server performance due to the extra system calls that Samba has to do in order to perform the link checks. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0000024) user2 2010-02-05 10:54 |
Errata update CCSA-2010:024 - http://clearsdn.clearcenter.com/software/detail.php?aid=24 [^] |
(0000037) user2 2010-02-22 16:46 |
Source Code Changelog --------------------------------------------------- - Changed "wide links" parameter [fixed issue 0000023] File Changes --------------------------------------------------- U legacy/modules/branches/5.1/app-samba-api/upgrade |