|
|
Subscribe / Log in / New account

The long road to a fix for CVE-2021-20316

The long road to a fix for CVE-2021-20316

Posted Feb 11, 2022 18:43 UTC (Fri) by jra (subscriber, #55261)
In reply to: The long road to a fix for CVE-2021-20316 by NYKevin
Parent article: The long road to a fix for CVE-2021-20316

We did explore a chroot solution. Problem is there are many restrictions on that which make it impossible to use with Samba without a complete rewrite. Rewriting the VFS was an easier task, believe me :-).

to post comments

The long road to a fix for CVE-2021-20316

Posted Feb 12, 2022 0:20 UTC (Sat) by gerdesj (subscriber, #5446) [Link]

Samba is an amazing piece of kit. Your user base is *cough* technically varied in its skill set. It is expected to dance on a shitty old NAS with wheezing discs to the latest bleeding edge SAN as a side trick and all things in between. The expectations of those users is broader than the smile on a croc that has discovered a zebra nursery ... must work on that analogy - a bit brutal.

I can remember testing out Ben Greer's smart new VLAN code in the kernel to get a set of smbd and nmbds running on a fairly large network to get a browse list together. This is me a few years back: https://lwn.net/Articles/75489/ whittering on about it.

Samba makes CIFS/SMB work in ways that MS has never even imagined. That's the thing - imagination. Samba is imaginative where the MS option is rather staid and boring.

Now if it was possible to get ACLs to work like NetWare nwfs/nss ie dynamically calculated on the fly, that would be quite handy.

Anyway, cheers Jez. That was a lot of work fixing things up. Thank you.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds