[Pkg-samba-maint] [Bug 4155] Improper handling of /../ in path names
samba-bugs at samba.org
samba-bugs at samba.org
Fri May 20 21:09:04 UTC 2011
https://bugzilla.samba.org/show_bug.cgi?id=4155
Jeremy Allison <jra at samba.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
AssignedTo|samba-bugs at samba.org |jra at samba.org
--- Comment #8 from Jeremy Allison <jra at samba.org> 2011-05-20 21:09:03 UTC ---
Sorry I can't see us fixing this. The problem is that /../ is invalid in a path
from the client (and is very dangerous to boot, might allow the client to climb
out of the share definition). We could call realpath() on the share pathname,
but in order to do that we need to instantiate the share first and hard-fix the
pathname without the /../. There's no way we will *ever* allow /../ in
internally processed pathnames, it's just much too dangerous.
Jeremy.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Pkg-samba-maint
mailing list