Bug 14325 - Samba share names allow directory components.
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2020-03-23 18:18 UTC by Jeremy Allison
Modified: 2020-03-23 18:33 UTC

Description Jeremy Allison 2020-03-23 18:18:36 UTC
Reported by Brad at Apple (not allowed to submit this bug himself due to corporate policy):

The following smb.conf configuration file was used to create a Samba server
with a malicious share name:

[/../../../../../../../../../../../../../../../../var/mobile/foobar]
   read only = yes
   browsable = yes
   guest account = thijs
   locking = no
   path = /tmp/smb
   guest ok = yes

Not a security hole, as anyone who can modify smb.conf on a server has multiple ways of being root.

But we should probably disallow '/' components in share names.
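
Added example, not part of the original report and not Samba's own code: a small audit check that scans smb.conf text for share section names containing '/' or a '..' component, as the report suggests disallowing. The function name, the simplified section-header parsing, the extra backslash check and the sample config are assumptions made for illustration.

```python
import re

# Simplified section-header match: "[name]" alone on a line (assumption;
# this is not Samba's real parameter parser).
SECTION_RE = re.compile(r"^\s*\[(.*)\]\s*$")

# Special sections that are not ordinary share definitions.
SPECIAL = {"global", "homes", "printers"}


def find_suspicious_shares(conf_text):
    """Return (line_number, share_name, reasons) for every share section
    whose name contains a path separator or a '..' component."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = SECTION_RE.match(line)
        if not m:
            continue
        name = m.group(1).strip()
        if name.lower() in SPECIAL:
            continue
        reasons = []
        if "/" in name:
            reasons.append("contains '/'")
        if "\\" in name:  # extension beyond the report: SMB path separator
            reasons.append("contains '\\'")
        if ".." in re.split(r"[/\\]", name):
            reasons.append("contains '..' component")
        if reasons:
            findings.append((lineno, name, reasons))
    return findings


# Constructed sample: the share name from the report plus a benign share.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP

[/../../../../../../../../../../../../../../../../var/mobile/foobar]
   read only = yes
   path = /tmp/smb
   guest ok = yes

[public]
   path = /srv/public
"""

if __name__ == "__main__":
    for lineno, name, reasons in find_suspicious_shares(SAMPLE_CONF):
        print(f"line {lineno}: [{name}]: {', '.join(reasons)}")
```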