The Samba-Bugzilla – Bug 11647
Access denied if the share path is "/"
Last modified: 2016-01-07 17:36:33 UTC
The fix for bug #11395 / CVE-2015-5252 locked down the path checks in check_reduced_name[_with_privilege]() to prevent unintended access via wide links.
The new checks do not correctly treat a corner case though: the case of the share path being "/". (Important e.g. for using the glusterfs VFS module.)
In this case all operations after tree connect get ACCESS_DENIED.
Hi Michael, should be easy to fix by adding an explicit check for that case.
I already have a candidate patch.
Going to propose it next... Michael
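The corner case from this report, as an added illustration that is not Samba's code and not the attached patch: a boundary-aware prefix check rejects every path below a root of "/" unless that root is handled explicitly. The function names and sample paths are hypothetical, and both arguments are assumed to be absolute, already-canonicalised paths.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not Samba code. Inputs are assumed to be absolute,
 * already-canonicalised paths (no "..", no unresolved symlinks). */

/* Boundary-aware prefix check with no special case for a root of "/". */
static bool under_root_naive(const char *root, const char *resolved)
{
    size_t len = strlen(root);
    if (strncmp(root, resolved, len) != 0) {
        return false;
    }
    /* The byte after the prefix must end the path or start a new
     * component, so "/data/share2" is not accepted for "/data/share". */
    return resolved[len] == '/' || resolved[len] == '\0';
}

/* Same check with an explicit branch for the share root being "/". */
static bool under_root(const char *root, const char *resolved)
{
    if (resolved[0] != '/') {
        return false; /* only absolute paths are meaningful here */
    }
    if (strcmp(root, "/") == 0) {
        /* Every absolute path lies below "/". The boundary test would
         * inspect resolved[1], the first byte of the first component,
         * and reject it. */
        return true;
    }
    return under_root_naive(root, resolved);
}

int main(void)
{
    /* Constructed sample paths: { share root, resolved path }. */
    const char *cases[][2] = {
        { "/data/share", "/data/share/file" },
        { "/data/share", "/data/share2/file" },
        { "/", "/export/file" },
        { "/", "/" },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        const char *r = cases[i][0], *p = cases[i][1];
        printf("root=%s path=%s naive=%d fixed=%d\n", r, p,
               under_root_naive(r, p), under_root(r, p));
    }
    return 0;
}
```

With a root of "/", the naive check still accepts "/" itself but denies everything beneath it, while sibling directories such as "/data/share2" stay rejected in both versions.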
Created attachment 11742
Patch for v4-3-test cherry-picked from master
Created attachment 11743
Patch for v4-2-test cherry-picked from master
Created attachment 11744
Patch for v4-1-test cherry-picked from master
Patch for 4.1 - it applies cleanly.
Just for the record (4.1 is in security mode...) - some distros may need it.
Backports look good. Karo, all yours. :)
Lost several hours today on this :-/.
Workaround if anyone is interested:
mount -o rbind / /mnt/root
and use "path = /mnt/root" instead of "path = /"
Pushed to autobuild-v4-[2|3]-test.
(In reply to Karolin Seeger from comment #8)
Pushed to both branches.
Closing out bug report.