[Samba] prexec change between 3.0.24 to 3.0.25
Jeremy Allison
jra at samba.org
Thu May 17 17:44:43 GMT 2007
On Thu, May 17, 2007 at 12:27:45PM -0500, Schaefer Jr, Thomas R. wrote:
> Hello,
>
> I've been testing out 3.0.25 before putting it into production and came
> across an issue.
>
> As a simple example..
>
> in a share definition
>
> root preexec = echo "hey there, hi there, hello" > /tmp/hiya.txt
>
> works fine under 3.0.24
>
> not so under 3.0.25, /tmp/hiya.txt isn't created.
>
> Cranking up the debugging and using some other similiar tests it seems
> to me that Samba is in fact issuing the command but anything with a
> redirect (> or >>) samba now seems to be passed as an argument to the
> command now instead of directly to the shell. In other words I think
> Samba is issuing
>
> echo "hey there, hi there, hello" \> \/tmp\/hiya.txt
>
> My real world problem comes from simply trying to redirect a grep to
> /dev/null
>
> Something like this
>
> root preexec = /usr/bin/grep share_name
> /loginbats/%U/login.bat > /dev/null
> root preexec close = yes
>
> I can work around it apparently by just leaving off the > /dev/null, I
> guess Samba likely sends any output from a preexec to /dev/null anyway.
>
> So anyhow, is this new Samba 3.0.25 preexec behavior expected behavior?
> I couldn't find mention of it in the WHATSNEW.txt
Yes it is I'm afraid. We now sanitize completely any
shell meta-characters to avoid any security issues
with user generated input being passed to a shell.
I was a little worried this might break some existing
setups but this is the first report I've had, and believe
me security problems are worse than breaking setups :-).
Jeremy.
More information about the samba
mailing list