[Bug 1702529] Re: ACCESS_DENIED with symlinks within a root ("/") share

Eric Desrochers eric.desrochers at canonical.com
Fri Aug 25 14:03:39 UTC 2017 

There is some regressions found in samba for Xenial as follow: 
(see pending sru page[1] for more details (buildlog, etc ...)

*Regression in autopkgtest for gvfs (ppc64el): test log

This one seems to be related to a timeout, I just restarted the test a
few minutes ago, let's see the outcome for the 2nd run.

*Regression in autopkgtest for gvfs (amd64): test log

I also restarted this one just in case .... but it will need
investigation if fails again.... at first glance it seems like the last
successful autokpkgtest for this particular test was with
"samba/2:4.3.11+dfsg-0ubuntu0.16.04.2" last year (2016-11-10 ). Since
then the package received a series of SECURITY fixes via "xenial-
security" channel which doesn't seem to have been tested in the
autopkgtest infra until now. Meaning that the regression found may or
may not be related to this current SRU but from a previous SECURITY fix,
note that this could also be a false positive. This is why it will
require investigation if the 2nd run fails again.

[1] - https://people.canonical.com/~ubuntu-archive/pending-sru.html

- Eric

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1702529

Title:
   ACCESS_DENIED with symlinks within a root ("/") share

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Committed
Status in samba source package in Xenial:
  Fix Committed
Status in samba source package in Zesty:
  Fix Committed

Bug description:
  [Impact]

   * In case of accessing directories chdir to it directly instead of
  its parent directory. This changes how dir symlinks are handled in
  root shares and leads to avoiding the ACCESS_DENIED ISSUE.

  [Test Case]

   1. Prepare smb server with a share:
  [rootshare]
     guest ok = yes
     path = /
     wide links = no
     follow symlinks = yes
   2. On the server:
  mkdir -p /srv/dir
  ln -s /srv/dir /srv/symdir.
   3. Connect from a client:
  smbclient -m smb3 //server/rootshare -c "cd srv\symdir; dir"

  [Regression Potential]

   * When accessing broken symlinks share's base directory is accessed.
  This however seems to be consistent with a pre-fix behavior.

  [Other Info]

  This fix is included in Samba 4.6.7 release so Artful and Debian both
  have it already.

  Original bug description:

  See Samba bug: https://bugzilla.samba.org/show_bug.cgi?id=12873 for
  more information and test case. Also view LP bug:
  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1701073 for more
  information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1702529/+subscriptions

More information about the foundations-bugs mailing list