[Pkg-samba-maint] Bug#418587: (forw) [Bug 4155] Improper handling of /../ in path names

Christian PERRIER bubulle at debian.org
Tue May 24 04:45:03 UTC 2011


tags 418587 wontfix
thanks

Please find below the rationale from upstream. I was indeed suspecting
something like this: using constructions like "/../" in path names is
way too dangerous and the given rationale in our bug report is not
enough, according to both upstream...and me.

I'll probably close this bug report at some point in the future.

----- Forwarded message from samba-bugs at samba.org -----

Date: Fri, 20 May 2011 23:09:04 +0200
From: samba-bugs at samba.org
To: pkg-samba-maint at lists.alioth.debian.org
Subject: [Pkg-samba-maint] [Bug 4155] Improper handling of /../ in path names

https://bugzilla.samba.org/show_bug.cgi?id=4155

Jeremy Allison <jra at samba.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|samba-bugs at samba.org        |jra at samba.org

--- Comment #8 from Jeremy Allison <jra at samba.org> 2011-05-20 21:09:03 UTC ---
Sorry I can't see us fixing this. The problem is that /../ is invalid in a path
from the client (and is very dangerous to boot, might allow the client to climb
out of the share definition). We could call realpath() on the share pathname,
but in order to do that we need to instantiate the share first and hard-fix the
pathname without the /../. There's no way we will *ever* allow /../ in
internally processed pathnames, it's just much too dangerous.

Jeremy.


----- End forwarded message -----
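
Added example, not part of the original message and not Samba's code: a C sketch of the two measures comment #8 mentions, canonicalising the configured share path once with realpath() and refusing any ".." component in a client-supplied path. The function names, the refusal of absolute client paths and the sample inputs are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() and PATH_MAX */
#endif
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True if any '/'-separated component of a client-supplied path is "..". */
bool has_dotdot_component(const char *path)
{
    const char *p = path;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of the current component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
        if (*p == '/')
            p++;                        /* skip the separator */
    }
    return false;
}

/* Canonicalise the configured share path once, at share setup.
 * realpath() resolves "..", "." and symlinks; returns 0 on success. */
int share_root_init(const char *configured, char resolved[PATH_MAX])
{
    return realpath(configured, resolved) != NULL ? 0 : -1;
}

/* Build root + "/" + client path; refuse absolute paths and any "..". */
int share_join(const char *root, const char *rel, char *out, size_t outlen)
{
    if (rel[0] == '/' || has_dotdot_component(rel))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", root, rel);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char root[PATH_MAX], full[PATH_MAX];
    if (share_root_init("/../", root) != 0)     /* constructed input */
        return 1;
    printf("root=%s join=%d\n", root, share_join(root, "a/../b", full, sizeof full));
    return 0;
}
```

Names such as "..b" or "foo..bar" are ordinary file names and pass the check; only a component that is exactly ".." is refused.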
