tags 418587 wontfix thanks Please find below the rationale from upstream. I was indeed suspecting something like this: using constructions like "/../" in path names is way to dangerous and the given rationale in our bug report is not enough, according to both upstream...and me.
I'll probably close this bug report in some future. ----- Forwarded message from [email protected] ----- Date: Fri, 20 May 2011 23:09:04 +0200 From: [email protected] To: [email protected] Subject: [Pkg-samba-maint] [Bug 4155] Improper handling of /../ in path names X-CRM114-Status: Good ( pR: 20.2175 ) https://bugzilla.samba.org/show_bug.cgi?id=4155 Jeremy Allison <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|[email protected] |[email protected] --- Comment #8 from Jeremy Allison <[email protected]> 2011-05-20 21:09:03 UTC --- Sorry I can't see us fixing this. The problem is that /../ is invalid in a path from the client (and is very dangerous to boot, might allow the client to climb out of the share definition). We could call realpath() on the share pathname, but in order to do that we need to instantiate the share first and hard-fix the pathname without the /../. There's no way we will *ever* allow /../ in internally processed pathnames, it's just much too dangerous. Jeremy. -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Pkg-samba-maint mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-samba-maint ----- End forwarded message ----- --
signature.asc
Description: Digital signature
