Package: samba Version: 2:4.1.17+dfsg-2+deb8u1 Severity: normal Dear Maintainer,
After the recent security update, shares of the root directory (path = /) no longer work. The message in the log is [2016/01/23 14:12:18.354046, 3] ../source3/smbd/vfs.c:1141(check_reduced_name) check_reduced_name [etc] [/] [2016/01/23 14:12:18.354167, 2] ../source3/smbd/vfs.c:1234(check_reduced_name) check_reduced_name: Bad access attempt: etc is a symlink outside the share path conn_rootdir =/ resolved_name=/etc [2016/01/23 14:12:18.354219, 3] ../source3/smbd/filename.c:1404(filename_convert_internal) filename_convert_internal: check_name failed for name etc with NT_STATUS_ACCESS_DENIED My full smb.conf file is: [global] server string = %h server (Samba %v) interfaces = br0, br1, 127.0.0.1 bind interfaces only = Yes obey pam restrictions = Yes passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 load printers = No show add printer wizard = No preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d invalid users = root [root-readonly] path = / valid users = drothe admin users = drothe hosts allow = 10.249.1.102, 10.249.1.104 Setting "wide links = yes" and "allow insecure wide links = yes" has no effect. I suspect this is due to patch cve_2015_5252.diff, but I'm not sure as my attempts to rebuild the package without the package fail. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages samba depends on: ii adduser 3.113+nmu3 ii dpkg 1.17.26 ii libasn1-8-heimdal 1.6~rc2+dfsg-9 ii libbsd0 0.7.0-2 ii libc6 2.19-18+deb8u1 ii libcomerr2 1.42.12-1.1 ii libhdb9-heimdal [heimdal-hdb-api-8] 1.6~rc2+dfsg-9 ii libkdc2-heimdal 1.6~rc2+dfsg-9 ii libkrb5-26-heimdal 1.6~rc2+dfsg-9 ii libldb1 2:1.1.17-2+deb8u1 ii libpam-modules 1.1.8-3.1 ii libpam-runtime 1.1.8-3.1 ii libpopt0 1.16-10 ii libpython2.7 2.7.9-2 ii libroken18-heimdal 1.6~rc2+dfsg-9 ii libtalloc2 2.1.1-2 ii libtdb1 1.3.1-1 ii libtevent0 0.9.21-1 ii lsb-base 4.1+Debian13+nmu1 ii multiarch-support 2.19-18+deb8u1 ii procps 2:3.3.9-9 ii python 2.7.9-1 ii python-dnspython 1.12.0-1 ii python-ntdb 1.0-5 ii python-samba 2:4.1.17+dfsg-2+deb8u1 pn python2.7:any <none> ii samba-common 2:4.1.17+dfsg-2+deb8u1 ii samba-common-bin 2:4.1.17+dfsg-2+deb8u1 ii samba-dsdb-modules 2:4.1.17+dfsg-2+deb8u1 ii samba-libs 2:4.1.17+dfsg-2+deb8u1 ii tdb-tools 1.3.1-1 ii update-inetd 4.43 Versions of packages samba recommends: ii attr 1:2.4.47-2 ii logrotate 3.8.7-1+b1 ii samba-vfs-modules 2:4.1.17+dfsg-2+deb8u1 Versions of packages samba suggests: pn bind9 <none> pn bind9utils <none> pn ctdb <none> pn ldb-tools <none> ii ntp 1:4.2.6.p5+dfsg-7+deb8u1 pn smbldap-tools <none> pn winbind <none> -- debconf information: samba/run_mode: daemons samba/generate_smbpasswd: true samba-common/title: