Ubuntu
samba package

3.0.28a-1ubuntu4.11 has new "unix extensions" parameter default to yes, wreaking havoc on existing configs

Bug #563752 reported by AlainKnaff
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Confirmed
Wishlist
Unassigned

Bug Description

Binary package hint: samba

3.0.28a-1ubuntu4.11 has a new "unix extensions" parameter default to yes, wreaking havoc on existing configs by disabling "wide links"

In order to respect principle of "least surprise", any new parameters which can break existing config should default to no, or to whatever value preserves existing functionality.

Moreover, it would be useful if "unix extensions" could be specified by share, rather than globally (maybe then, it could even be automatically turned off on those shares that have wide links)

Chuck Short (zulcss)
Changed in samba (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
AlainKnaff (kubuntu-misc) wrote :

Thinking about this somewhat more, several other solutions to the problem may be considered:

1. If "wide links = yes" and "unix extensions = yes" are both present on a share, do it the other way round: disable unix extensions rather than wide links.
2. Even better: _only_ disable the call to make symlinks (... that's the only one with a security implication, right?...)
3. And still better: only disallow to create symlinks that point outside of the share (so that the only such symlinks would be those set up "manually", for instance by the administrator)

Revision history for this message
Thierry Carrez (ttx) wrote :

Subscribing Marc to get security team's view on this, since they authored the recent change.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This is the way the upstream Samba project chose to fix this issue. See:

http://www.samba.org/samba/history/samba-3.4.6.html

and

https://bugzilla.samba.org/show_bug.cgi?id=7104

Unfortunately, there is no simple way to fix the issue without altering some setups.

We prefer to disable wide links automatically, as unix extensions are important for unix clients. If wide links are important to you, and you don't use samba to server unix clients, you may disable unix extensions manually.

If you would like this to be fixed in a different way, I suggest opening a bug with the upstream Samba project and try to get them to reconsider their decision.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.