Michael Wojcik wrote: >> From: Stefan Kanthak [mailto:stefan.kanthak@xxxxxxxx] >> Sent: Saturday, 06 February, 2010 08:21 >> >> Dan Kaminsky wrote: >> >> [...] >> >> > (On a side note, you're not going to see this sort of symlink stuff >> > on Windows, >> >> What exactly do you mean? >> Traversing symlinks on the server/share, or creation of "wide" >symlinks >> by the client on the server/share? >> >> Since Windows 2000 NTFS supports "junctions", which pretty much >> resemble Unix symlinks, but only for directories. >> See <http://support.microsoft.com/kb/205524/en-us> > > And at least since Vista, it also supports symlinks, which are designed s/at least// [ well-known facts snipped ] > The Windows SMB server apparently won't cross reparse points, though, so > there's no equivalent vulnerability. NO, Windows SMB server crosses reparse points! But as Dan Kaminsky pointed out, you need to have administrative rights to remotely create a junction on an SMB share, so the non-admin user cant get himself access to files outside a share he's allowed to access. Stefan
