[Bug 1675698] Re: Cannot access anything under a subdirectory if symlinks are disallowed

Launchpad Bug Tracker 1675698 at bugs.launchpad.net
Thu Mar 30 17:36:40 UTC 2017 

This bug was fixed in the package samba - 2:4.3.11+dfsg-0ubuntu0.14.04.7

---------------
samba (2:4.3.11+dfsg-0ubuntu0.14.04.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Tue, 28 Mar 2017
09:28:06 -0400

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1675698

Title:
  Cannot access anything under a subdirectory if symlinks are disallowed

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Confirmed
Status in samba source package in Precise:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Released
Status in samba source package in Yakkety:
  Fix Released
Status in samba source package in Zesty:
  Confirmed
Status in samba package in Debian:
  Confirmed

Bug description:
  After upgrading to 4.3.11+dfsg-0ubuntu0.14.04.6, some of my shares
  broke in a curious way. The affected shares have `follow symlinks =
  no`; the ones with `follow symlinks = yes` aren't affected AFAICT.
  Allowing symlinks on one of the affected shares mitigates the issue
  for that share.

  The issue is that access to anything under a direct subdirectory of
  the share doesn't work. I can create a directory in `\\srv\share`,
  e.g. `\\srv\share\foo`, but I can't create any files or directories
  inside it, e.g. creating `\\srv\share\foo\bar` ends up with error 50
  (The request is not supported). Attempts to access existing files or
  directories at this level produce error 59 (An unexpected network
  error occured).

  The log at level 2 says:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
    check_reduced_name: Bad access attempt: branches is a symlink to foo/bar

  ```

  ... or:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
    check_reduced_name: Bad access attempt: . is a symlink to foo
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1675698/+subscriptions

More information about the foundations-bugs mailing list