From: Jeremy Allison <jra@samba.org>
To: Steve French <smfrench@gmail.com>
Cc: Xiaoli Feng <xifeng@redhat.com>,
samba-technical <samba-technical@lists.samba.org>,
CIFS <linux-cifs@vger.kernel.org>
Subject: Re: [PATCH][SMB3] allow files to be created with backslash in file name
Date: Sat, 2 Jan 2021 20:13:23 -0800 [thread overview]
Message-ID: <20210103041323.GA162327@jeremy-acer> (raw)
In-Reply-To: <CAH2r5muZ9tFZtHakrSf6Px2HGQTDUzg8+V52+NQaytKX_ZpHCA@mail.gmail.com>
On Sat, Jan 02, 2021 at 09:45:53PM -0600, Steve French wrote:
>> So just creating a file containing : \ etc. doesn't do
>> this - you have to misconfigure the server FIRST.
>
>I agree that with Samba server this is less common (not sure how many
>vendors set that smb.conf
No one sets it by default to my knowledge.
>parm) but note that "man smb.conf" does not warn that disabling name
>mangling will break
Patches to the manpage welcome :-).
>smbclient (assuming that local files have been created on the server with one of
>the various reserved characters, perhaps over NFS for example). But
>... there are many
>other servers, and I wouldn't be surprised if other servers have
>sometimes returned files
>created by NFS or Ceph or some cluster fs that contain reserved
>characters, even if
>it is illegal.
Sure - but that then becomes a possible CVE for these
filesystem clients if they don't protect themselves
against server attacks.
What does *your* client code do if a server returns a
filename containing a / ? If you pass it up, the upper
layers may screw things up badly.
>> The SMBecho is due to the keepalive failing
>We (SMB/CIFS developers) would know that, but I doubt that all users
>would realize that
>(for example) creating a file over NFS with a reserved character and
>then reexporting the
>file over SMB with Samba configured with managled names off, or with a
>server that
>is less strict than Samba. Seems like it would be better to print a
>warning like:
> "exiting due to invalid character found in file name"
>rather than killing the session and ending up with the (to most users)
>unehelpful error message.
True. Again, patches welcome :-).
next prev parent reply other threads:[~2021-01-03 4:14 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-01 3:35 [PATCH][SMB3] allow files to be created with backslash in file name Steve French
2021-01-01 6:00 ` Jeremy Allison
[not found] ` <CAH2r5mt+5LQB59w0SPEp2Q-9ZZ2PV=XDMtGpy2pedhF8eKif0A@mail.gmail.com>
2021-01-01 19:58 ` Jeremy Allison
[not found] ` <CAH2r5mvt_cHDbT0xaeLNQn=5cQ0T2-wPgpMkYEGQNdtDZ3kP=A@mail.gmail.com>
2021-01-02 2:58 ` Jeremy Allison
2021-01-02 3:49 ` Steve French
2021-01-02 5:25 ` Jeremy Allison
2021-01-03 0:19 ` Steve French
2021-01-03 1:21 ` Jeremy Allison
2021-01-03 1:25 ` Jeremy Allison
2021-01-03 3:45 ` Steve French
2021-01-03 4:13 ` Jeremy Allison [this message]
2021-01-01 20:06 ` Jeremy Allison
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210103041323.GA162327@jeremy-acer \
--to=jra@samba.org \
--cc=linux-cifs@vger.kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=smfrench@gmail.com \
--cc=xifeng@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).