smbpasswd and euid detection
Steve Langasek
vorlon at netexpress.net
Thu Jan 2 23:00:00 GMT 2003
On Thu, Jan 02, 2003 at 03:56:39PM -0700, Craig Kelley wrote:
> On Thu, 2 Jan 2003, Steve Langasek wrote:
> > On Thu, Jan 02, 2003 at 02:23:09PM -0700, Craig Kelley wrote:
> > > > I consider confusing smbpasswd with the Unix passwd command a sign that
> > > > one doesn't really have that much knowledge, at least where smbpasswd
> > > > itself is concerned. It's easy to jump to the conclusion that smbpasswd
> > > > needs root privs to make changes to the smbpasswd file -- it does not --
> > > > and the program has *not* been audited for use as an suid program, so
> > > > it's dangerous to treat it the same as passwd.
> > > > So if someone can run smbpasswd indirectly from an suid wrapper, there's
> > > > still a high potential for security problems, the same as if smbpasswd is
> > > > suid itself. If you need to let users call smbpasswd in an suid root
> > > > context, your wrapper should do its own vetting of the user input and
> > > > then assume full root privileges.
> > > Then let's add suid checking to every program.
> > Most programs don't have the problem of people assuming they're analogous
> > to other suid programs.
> Most people who understand how to bless suid powers on an executable
> are familiar with the ramifications of doing so.
Are you hiring? Wherever you got this idea is somewhere I think I'd like
to be. ;)
Cheers,
--
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030102/3a570350/attachment.bin
More information about the samba-technical
mailing list