lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Feb 2010 11:04:46 +1100 From: paul.szabo@...ney.edu.au To: kcope2@...glemail.com Cc: bugtraq@...urityfocus.com, dan@...para.com, full-disclosure@...ts.grok.org.uk Subject: Re: Samba Remote Zero-Day Exploit Dear Kingcope, > Turning off symlink support in samba closes the hole but then no > access to symlinks created by the administrator is possible ... Correct. Maybe what you want is for Samba to add and support an option like "allow create symlink" (with default "no"). I myself do not think it would be useful... would surely be a few lines of code only, so if you want to submit a patch to the Samba team... or just patch your own servers (as I do, see http://www.maths.usyd.edu.au/u/psz/samba/). Cheers, Paul Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
Powered by blists - more mailing lists