diff options
author | Jeremy Allison <jra@samba.org> | 2020-04-07 09:58:08 -0700 |
---|---|---|
committer | Ralph Boehme <slow@samba.org> | 2020-04-09 21:21:46 +0000 |
commit | c4176b1cea4dc55c8c438cc2522f128e7d9f354b (patch) | |
tree | 4b2adc0858bedc0f0602614de4728a84763a0133 /WHATSNEW.txt | |
parent | 27d362c6cdca0c97cb48aeafc18872d2e0b001d0 (diff) | |
download | samba-c4176b1cea4dc55c8c438cc2522f128e7d9f354b.tar.gz |
Update WHATSNEW.txt to explain the vfs_widelinks module addition.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 9 21:21:46 UTC 2020 on sn-devel-184
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e9b269209f0..e47f0806332 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -27,6 +27,30 @@ we test with in our CI infrastructure. (Build time support for the file server with Python 2.6 has not changed) +wide links functionality +------------------------ + +For this release, the code implementing the insecure "wide links = yes" +functionality has been moved out of the core smbd code and into a separate +VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded +by smbd as the last but one module before vfs_default if "wide links = yes" +is enabled on the share (note, the existing restrictions on enabling wide +links around the SMB1 "unix extensions" and the "allow insecure wide links" +parameters are still in force). The implicit loading was done to allow +existing users of "wide links = yes" to keep this functionality without +having to make a change to existing working smb.conf files. + +Please note that the Samba developers recommend changing any Samba +installations that currently use "wide links = yes" to use bind mounts +as soon as possible, as "wide links = yes" is an inherently insecure +configuration which we would like to remove from Samba. Moving the +feature into a VFS module allows this to be done in a cleaner way +in future. + +A future release to be determined will remove this implicit linkage, +causing administrators who need this functionality to have to explicitly +add the vfs_widelinks module into the "vfs objects =" parameter lists. +The release notes will be updated to note this change when it occurs. REMOVED FEATURES ================ |