security risk with private DOMAIN.TRUST_ACCT.mac files

[Luke Leighton]

i have seen people reporting log files that show .mac files to be in the
/etc/ directory.

if these files are world-readable then there is a risk that these files
can be used to compromise the security of your PDC (i.e use them to obtain
user SMB password hashes, or do a brute-force login attack).

please therefore read the following carefully.

IF you have DOMAIN_NAME.TRUST_ACCT.mac files in /etc (or any other
world-readable directory) AND

IF a ls -al /etc/*.mac shows that you have permissions other than
rw-------, or an owner other than root, THEN:

please report, direct to myself at lkcl at samba.org and NOT to the above
lists:

- exactly where you obtained samba from (part of your distribution?)

- exactly which version of samba you have (use bin/smbd -h)

- exactly which version of your operating system you have (if samba came
with your distribution).

any information received will remain confidential and will enable me to
report to any samba distributors that they correct their (or our :-) samba
installation scripts, and to create an appropriate bugtraq report, if
necessary.

if you find that these files are not root-owned or do not have the correct
permissions, do this:

chown root /etc/*.mac
chmod go-rwx /etc/*.mac


IF these files are owned by root AND are not world-readable, THEN:

there is no risk to the security of your Samba Domain.  except of course
if you don't trust root.



there is a very good reason why the samba team decided to put these files
in /usr/local/samba/private (the default permissions on the private/
directory is rwx- to root only).

regards,

luke (samba team).