From: Ralph Boehme <slow@samba.org>
To: Steve French <smfrench@gmail.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>,
CIFS <linux-cifs@vger.kernel.org>,
Ronnie Sahlberg <ronniesahlberg@gmail.com>
Subject: Re: [PATCH] ksmbd: remove follow symlinks support
Date: Mon, 20 Sep 2021 17:55:59 +0200 [thread overview]
Message-ID: <cca5b3e4-02c5-cfe3-f6c7-00135cd2eed2@samba.org> (raw)
In-Reply-To: <CAH2r5mtT2b_9HGP1_Yii8tVu6vmwyDu6y_9pj_Y8haqQtvqnRw@mail.gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 1434 bytes --]
Am 20.09.21 um 17:19 schrieb Steve French:
> On Mon, Sep 20, 2021 at 9:44 AM Ralph Boehme <slow@samba.org> wrote:
>>
>> Am 19.09.21 um 04:13 schrieb Namjae Jeon:
>>> Use LOOKUP_NO_SYMLINKS flags for default lookup to prohibit the
>>> middle of symlink component lookup.
>>
>> maybe this patch should be squashed with the "ksmbd: remove follow
>> symlinks support" patch?
>
> These two could be merged if it makes review easier or less likely
> to cause merge conflicts later (in this case that may be true since
> they both touch smb2_open),
from a high level perspective having both patches in the history is at
least confusing and should be avoided.
The first patch changes the semantics of "follow symlinks" and the
second one then changes it again by basically removing the option,
enforcing "never follow symlinks" behaviour.
> but that assumes that removing ability to follow all symlinks is
> agreed upon.
Well, as discussed you could use LOOKUP_BENEATH. The only downside would
be that symlinks with absolute paths are not allowed.
Note that with the current WIP patches we either
a) don't support symlink at all ("follow symlinks = yes")
b) have no protection against follow symlinks outside of a configured
share ("follow symlinks = no")
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]
next prev parent reply other threads:[~2021-09-20 15:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-20 6:56 [PATCH] ksmbd: remove follow symlinks support Namjae Jeon
2021-09-20 13:57 ` Ralph Boehme
2021-09-20 15:57 ` Namjae Jeon
2021-09-20 16:28 ` Ralph Boehme
2021-09-20 16:37 ` Namjae Jeon
2021-09-21 7:44 ` Ralph Boehme
2021-09-20 14:44 ` Ralph Boehme
2021-09-20 15:19 ` Steve French
2021-09-20 15:55 ` Ralph Boehme [this message]
2021-09-20 16:03 ` Namjae Jeon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cca5b3e4-02c5-cfe3-f6c7-00135cd2eed2@samba.org \
--to=slow@samba.org \
--cc=linkinjeon@kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=ronniesahlberg@gmail.com \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).