CVS update: samba/source/rpc_server
Andrew Bartlett
abartlet at pcug.org.au
Tue Aug 28 07:51:20 EST 2001
Jean Francois Micouleau wrote:
>
> On Tue, 28 Aug 2001, Andrew Bartlett wrote:
>
> > > yep looks fine. should also check if the name ends with a '$' (just in
> > > case).
> >
> > I would prefer not too, as the name ending in $ but not asking for a
> > machine account would certainly be a bug, and would show up bugs in
> > other parts of samba. Magic checks like that don't give me a 'warm
> > fuzzy feeling'. I'm removing the one in reply.c shortly.
>
> no you shouldn't ! You should log a message that a client is doing
> something strange. It's not a magic check, it's a rule of thumb.
Of course. Sorry I wasn't thinking about the whole 'client supplied
input' side of things. Would you agree with checking for the $ and if
it isn't a machine account being created to deny & log it?
Andrew Bartlett
--
Andrew Bartlett
abartlet at pcug.org.au
abartlet at samba.org
More information about the samba-cvs
mailing list