From: Jeremy Allison on
On Wed, Apr 07, 2010 at 09:33:30AM +0200, Volker Lendecke wrote:
> On Wed, Apr 07, 2010 at 08:38:50AM +0200, Stefan Götz wrote:
> > > Sorry for that, but Samba just can't afford to be called
> > > insecure by default.
> >
> > Absolutely - and I do very much respect the reasons for
> > that. So Linda and I are
> > suggesting a non-default option or option value called something like
> > "YesIWantToShootMyselfInTheFootAndWontComplainAboutItOnSlashdotSoTurnOnWideLinks"
> > instead of reverting to an insecure default. In our usage
> > scenarios, such a shot in the foot is something quite
> > desirable and useful.
>
> If you asked me, I would support that.
>
> insecure wide links and unix extensions = yes
>
> or so. Now you have to convince Jeremy to also accept it :-)

Ok, I'm ok with a "wide links = insecure" option, with
the man page expressing the opinion that enabling it is
insane :-).

But I'm not spending the time to code it up (but will
test and apply patches from people who do :-).

Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Mike Leone on
Jeremy Allison had this to say:

> Ok, I'm ok with a "wide links = insecure" option, with
> the man page expressing the opinion that enabling it is
> insane :-).
>
> But I'm not spending the time to code it up (but will
> test and apply patches from people who do :-).

So then this:

"It is a big mistake to set the wide links Samba parameter to no in the
Samba configuration file /etc/smb.conf."

<http://www.faqs.org/docs/securing/chap29sec287.html>

should be completely ignored, I guess?

I'm a bit new to Samba ....
From: Jeremy Allison on
On Wed, Apr 07, 2010 at 02:04:03PM -0400, Mike Leone wrote:
> Jeremy Allison had this to say:
>
>> Ok, I'm ok with a "wide links = insecure" option, with
>> the man page expressing the opinion that enabling it is
>> insane :-).
>>
>> But I'm not spending the time to code it up (but will
>> test and apply patches from people who do :-).
>
> So then this:
>
> "It is a big mistake to set the wide links Samba parameter to no in the
> Samba configuration file /etc/smb.conf."
>
> <http://www.faqs.org/docs/securing/chap29sec287.html>
>
> should be completely ignored, I guess?
>
> I'm a bit new to Samba ....

Yep, out of date now I'm afraid.

Jeremy.
From: Stefan Götz on
Hi Volker!

> Sorry for that, but Samba just can't afford to be called
> insecure by default.

Absolutely - and I do very much respect the reasons for that. So Linda and I are
suggesting a non-default option or option value called something like
"YesIWantToShootMyselfInTheFootAndWontComplainAboutItOnSlashdotSoTurnOnWideLinks"
instead of reverting to an insecure default. In our usage scenarios, such a shot
in the foot is something quite desirable and useful.

Stefan
--
Stefan Götz, Ph.D. Student
Distributed Systems Group
Chair for Computer Science IV, RWTH Aachen, Germany
http://ds.rwth-aachen.de/members/goetz/