smbsh and others.
Edan Idzerda
edan at mtu.edu
Thu Oct 8 04:56:44 GMT 1998
On Wed, 7 Oct 1998, Andrew Tridgell wrote:
> > The biggest caveat I can think of is that I don't know how to stop
> > root from getting clear text passwords by writing to the socket.
> > But perhaps that is not introducing a security hole, if they already
> > are root?
>
> root can _always_ get the password. They just need to ptrace the
> program that reads passwords. root is omnipotent :-)
But another instance of the same user generally can't grab
the password if they didn't have it already. Open source to this
kind of tool would make it relatively easy for them. Of course,
we've already conceded that this person is logged in as another user,
which is already a security bummer.
> Would you be able to put some time into writing a prototype of this?
> We will certainly need it before joe user can start using smbwrapper.
I've already got a server mostly prototyped. If my job doesn't suck
the rest of this week I can probably have *something* ugly doing
something like what we've talked about.
Can you tell I work as a system administrator? "probably" have "something"
doing "something like." Oh brother.
- edan
More information about the samba-technical
mailing list