Re: Samba Remote Zero-Day Exploit

Subject: Re: Samba Remote Zero-Day Exploit

Dear Kingcope,

> Turning off symlink support in samba closes the hole but then no
> access to symlinks created by the administrator is possible ...


Maybe what you want is for Samba to add and support an option like
"allow create symlink" (with default "no"). I myself do not think it
would be useful... would surely be a few lines of code only, so if you
want to submit a patch to the Samba team... or just patch your own
servers (as I do, see

Cheers, Paul

Paul Szabo
School of Mathematics and Statistics   University of Sydney    Australia

Copyright © 1995-2020 All rights reserved.