Am 20.09.21 um 17:19 schrieb Steve French:
On Mon, Sep 20, 2021 at 9:44 AM Ralph Boehme <slow@xxxxxxxxx> wrote:Am 19.09.21 um 04:13 schrieb Namjae Jeon:Use LOOKUP_NO_SYMLINKS flags for default lookup to prohibit the middle of symlink component lookup.maybe this patch should be squashed with the "ksmbd: remove follow symlinks support" patch?These two could be merged if it makes review easier or less likely to cause merge conflicts later (in this case that may be true since they both touch smb2_open),
from a high level perspective having both patches in the history is at least confusing and should be avoided. The first patch changes the semantics of "follow symlinks" and the second one then changes it again by basically removing the option, enforcing "never follow symlinks" behaviour.
but that assumes that removing ability to follow all symlinks is agreed upon.
Well, as discussed you could use LOOKUP_BENEATH. The only downside would
be that symlinks with absolute paths are not allowed.
Note that with the current WIP patches we either
a) don't support symlink at all ("follow symlinks = yes")
b) have no protection against follow symlinks outside of a configured
share ("follow symlinks = no")
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
