Proposal: Good Neighbor Policy

Dan Kaminsky effugas at best.com
Mon Dec 13 19:22:51 GMT 1999


Luke has asked me to make this a more explicit proposal, so I'm doing so:

I believe it is imperative that, in the coming developments of PDC
functionality, a *primary release objective* needs to be that we *not*
disable any network that a novice administrator incorrectly configures
Samba within.

The story I relayed earlier referenced what happened at a *very* large
multinational company--Linux workstations *banned* at their San Jose site,
all because of a misconfigured routing daemon.

As I said, we didn't design the protocols, but we have to live within
them.  If, in the process of experimenting with Samba PDCs, a junior
engineer interferes with--or worse, crashes--production machines, we're
going to be blamed and Samba is going to get a dangerous reputation.

We haven't had to deal with this yet because our PDC support is
(sadly/luckily) rather difficult to get working.  Microsoft has dealt with
this by making NT a holy terror to get functioning as a PDC at all, and an
absolute impossibility to get to *cease* functioning as one.

I don't see the latter changing, but the former's going to.  When it does,
we *have* to check to see if our behavior is such that it will break the
local LAN.  If so, unless the user has explicitly configured their version
of Samba not to (preferably through a *compile time switch*), we need to
disable ourselves.

Nothing we ever expect anybody to actually test should ever cause damage
outside the scope of the user's own computer.  Such is the requirement of
the Good Neighbor policy I propose, and honestly I presume is already in
place in some unofficial manner.

Yours Truly,

	Dan Kaminsky
	DoxPara Research
	http://www.doxpara.com

P.S. This what you wanted me to write up, Luke?
	
 

