CVS update: samba/source/printing

Tim Potter tpot at linuxcare.com.au
Tue Jul 11 11:17:32 EST 2000


Jeremy Allison writes:

> Modified Files:
> 	nt_printing.c 
> Log Message:
> Allow name lookup to fail and fall back to using the "Everyone" SID
> as SD owner. Allows smbd to work without winbindd running.
> Check for security implications !
> Jeremy.

This is Not Good as if the SD is owned by Everyone, then anyone
can then apply changes to the security descriptor while winbindd
is not running.  May I suggest changing the owner to the NULL sid
S-1-0-0?  se_access_check() may have to be changed to not allow
access to an object owned by the NULL sid by a user with the NULL
sid.


Tim.



More information about the samba-cvs mailing list