[Bug 1702529] Re: ACCESS_DENIED with symlinks within a root ("/") share
Dave Kettmann
1702529 at bugs.launchpad.net
Wed Jul 5 18:00:06 UTC 2017
>From Samba bug:
I know this is an unusual scenario: sharing the entire filesytem ("/").
But it was working with 4.3.8, and broke sometime after, perhaps with
the CVE-2017-2619 fixes since this involves symlinks and there were a
few regressions with that particular CVE.
For the test I used 4.6.5 with the patch for bug #12860.
This is the smb.conf:
[global]
server string = %h server (Samba, Ubuntu)
netbios name = xenial
server role = standalone server
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[rootfs]
path = /
follow symlinks = yes
wide links = no
read only = no
guest ok = no
browseable = yes
/opt has this:
root at xenial-samba-rootfs:~# ls -lah /opt
total 5.0K
drwxr-xr-x 3 root root 6 Jul 3 20:01 .
drwxr-xr-x 22 root root 22 Jun 19 23:52 ..
-rw-r--r-- 1 root root 6 Jul 3 20:01 file.txt
lrwxrwxrwx 1 root root 16 Jul 3 20:01 symlink-to-directory -> target-directory
lrwxrwxrwx 1 root root 8 Jul 3 20:01 symlink-to-file -> file.txt
drwxr-xr-x 2 root root 2 Jul 3 20:01 target-directory
This worked with 4.3.8 without the CVE-2017-2619 patch:
root at xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "dir /opt/symlink-to-directory/*"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
. D 0 Mon Jul 3 20:01:36 2017
.. D 0 Mon Jul 3 20:01:49 2017
244825344 blocks of size 1024. 244392448 blocks available
root at xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "get \opt\symlink-to-file"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
getting file \opt\symlink-to-file of size 6 as \opt\symlink-to-file (5.9 KiloBytes/sec) (average 5.9 KiloBytes/sec)
But it fails with 4.3.11 + CVE patches, and also 4.6.5 with the patch
for bug #12860:
root at xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "dir /opt/symlink-to-directory/*"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
NT_STATUS_ACCESS_DENIED listing \opt\symlink-to-directory\*
root at xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "get \opt\symlink-to-file"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
NT_STATUS_ACCESS_DENIED opening remote file \opt\symlink-to-file
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1702529
Title:
ACCESS_DENIED with symlinks within a root ("/") share
Status in samba package in Ubuntu:
New
Bug description:
See Samba bug: https://bugzilla.samba.org/show_bug.cgi?id=12873 for
more information and test case. Also view LP bug:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1701073 for more
information.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1702529/+subscriptions
More information about the foundations-bugs
mailing list