Security hole?

Andrew Tridgell tridge at
Tue May 5 11:00:09 GMT 1998

> > hmmm, if you set this option in NT then how does browse list
> > propagation work? There is no way you could do inter-subnet browsing
> > without null sessions.
> the win95 and nt clients, if you reject null sessions on IPC$, reconnect
> with the currently logged-in username and password.  i have been
> mentioning this since january.

nope, that doesn't make sense. browse lists are maintained when there
isn't anyone logged in. Browse syncs are also done by NT servers
sitting in a corner without a keyboard attached.

> it also solves the [homes] problem.

nope, this is quite separate from the [homes] problem (if there is a
[homes] problem!)

Win95 and NT clients *only* generate null sessions when doing a browse
sync of machine names, not when "browsing" for a list of shares. A
Win95 or NT client cannot be made to do a null session connect when
using network neighborhood or any other user-initiated
browse. Remember that a null session is a session with a null username
and null password. Win95 and NT clients will generate attempted logins
with a null password but not with a null username. 

browse synchronisation is a special case because there is no username
that can possibly be sent as it is a function of the underlying browse
protocol maintenance, not of user actions.

Cheers, Andrew

