[Pkg-samba-maint] Bug#812429: samba: Share of / no longer works

David Rothenberger daveroth at acm.org
Sat Jan 23 22:23:57 UTC 2016

Package: samba
Version: 2:4.1.17+dfsg-2+deb8u1
Severity: normal

Dear Maintainer,

After the recent security update, shares of the root directory
(path = /) no longer work. The message in the log is

[2016/01/23 14:12:18.354046,  3] ../source3/smbd/vfs.c:1141(check_reduced_name)
  check_reduced_name [etc] [/]
[2016/01/23 14:12:18.354167,  2] ../source3/smbd/vfs.c:1234(check_reduced_name)
  check_reduced_name: Bad access attempt: etc is a symlink outside the share path
  conn_rootdir =/
[2016/01/23 14:12:18.354219,  3] ../source3/smbd/filename.c:1404(filename_convert_internal)
  filename_convert_internal: check_name failed for name etc with NT_STATUS_ACCESS_DENIED

My full smb.conf file is:

	server string = %h server (Samba %v)
	interfaces = br0, br1,
	bind interfaces only = Yes
	obey pam restrictions = Yes
	passdb backend = tdbsam
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	load printers = No
	show add printer wizard = No
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap ssl = no
	panic action = /usr/share/samba/panic-action %d
	invalid users = root

	path = /
	valid users = drothe
	admin users = drothe
	hosts allow =,

Setting "wide links = yes" and "allow insecure wide links = yes" has
no effect.

I suspect this is due to patch cve_2015_5252.diff, but I'm not sure
as my attempts to rebuild the package without the package fail.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser                              3.113+nmu3
ii  dpkg                                 1.17.26
ii  libasn1-8-heimdal                    1.6~rc2+dfsg-9
ii  libbsd0                              0.7.0-2
ii  libc6                                2.19-18+deb8u1
ii  libcomerr2                           1.42.12-1.1
ii  libhdb9-heimdal [heimdal-hdb-api-8]  1.6~rc2+dfsg-9
ii  libkdc2-heimdal                      1.6~rc2+dfsg-9
ii  libkrb5-26-heimdal                   1.6~rc2+dfsg-9
ii  libldb1                              2:1.1.17-2+deb8u1
ii  libpam-modules                       1.1.8-3.1
ii  libpam-runtime                       1.1.8-3.1
ii  libpopt0                             1.16-10
ii  libpython2.7                         2.7.9-2
ii  libroken18-heimdal                   1.6~rc2+dfsg-9
ii  libtalloc2                           2.1.1-2
ii  libtdb1                              1.3.1-1
ii  libtevent0                           0.9.21-1
ii  lsb-base                             4.1+Debian13+nmu1
ii  multiarch-support                    2.19-18+deb8u1
ii  procps                               2:3.3.9-9
ii  python                               2.7.9-1
ii  python-dnspython                     1.12.0-1
ii  python-ntdb                          1.0-5
ii  python-samba                         2:4.1.17+dfsg-2+deb8u1
pn  python2.7:any                        <none>
ii  samba-common                         2:4.1.17+dfsg-2+deb8u1
ii  samba-common-bin                     2:4.1.17+dfsg-2+deb8u1
ii  samba-dsdb-modules                   2:4.1.17+dfsg-2+deb8u1
ii  samba-libs                           2:4.1.17+dfsg-2+deb8u1
ii  tdb-tools                            1.3.1-1
ii  update-inetd                         4.43

Versions of packages samba recommends:
ii  attr               1:2.4.47-2
ii  logrotate          3.8.7-1+b1
ii  samba-vfs-modules  2:4.1.17+dfsg-2+deb8u1

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
pn  ldb-tools      <none>
ii  ntp            1:4.2.6.p5+dfsg-7+deb8u1
pn  smbldap-tools  <none>
pn  winbind        <none>

-- debconf information:
  samba/run_mode: daemons
  samba/generate_smbpasswd: true
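
Added illustration, not Samba's code and not part of the original report: a share-root containment check that requires a '/' immediately after the root prefix rejects every child path when the root is "/", which would produce the kind of "outside the share path" denial shown in the log above. That cve_2015_5252.diff behaves this way is an assumption; the function names and sample paths are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Both functions assume `resolved` is already canonical (realpath() output). */

/* Prefix match plus a '/' or end-of-string right after the root. The boundary
 * test stops "/srv/share2" passing for root "/srv/share", but with root "/"
 * the byte after the prefix of "/etc" is 'e', so every child is rejected. */
bool in_share_naive(const char *root, const char *resolved)
{
    size_t n = strlen(root);

    if (strncmp(root, resolved, n) != 0)
        return false;
    return resolved[n] == '\0' || resolved[n] == '/';
}

/* Same check with trailing slashes stripped and root "/" special-cased. */
bool in_share_fixed(const char *root, const char *resolved)
{
    size_t n = strlen(root);

    while (n > 1 && root[n - 1] == '/')
        n--;                            /* "/srv/share/" -> "/srv/share" */
    if (n == 1 && root[0] == '/')
        return resolved[0] == '/';      /* any absolute path is under "/" */
    if (strncmp(root, resolved, n) != 0)
        return false;
    return resolved[n] == '\0' || resolved[n] == '/';
}

int main(void)
{
    /* Constructed sample inputs: {share root, resolved path}. */
    const char *cases[][2] = {
        { "/", "/etc" }, { "/", "/" },
        { "/srv/share", "/srv/share/etc" }, { "/srv/share", "/srv/share2/x" },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("root=%-11s path=%-15s naive=%d fixed=%d\n",
               cases[i][0], cases[i][1],
               in_share_naive(cases[i][0], cases[i][1]),
               in_share_fixed(cases[i][0], cases[i][1]));
    return 0;
}
```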

