URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc
vorlon at netexpress.net
vorlon at netexpress.net
Mon Dec 20 21:49:28 GMT 1999
On Tue, 21 Dec 1999, Luke Kenneth Casson Leighton wrote:
> this is REALLY bad.
> 1) you CANNOT put smbpasswd in /etc.
> 2) you CANNOT put private files DOMAIN.TRUST_ACCOUNT.mac in /etc.
> i know that these require root access, however if your users start to
> assume that just because these files are in /etc, they are equivalent to
> /etc/passwd, they may decide to make these world-readable, and as a result
> they will compromise the security of the box, and potentially the security
> of remote nt-compatible boxes too (including other samba servers) because
> these files contain CLEAR_TEXT EQUIVALENT PASSWORDS.
> for example, private .mac files can contain information sufficient to
> compromise a remote server by obtaining all remote clear-text equivalent
> passwords: the .mac file is used to store the "Backup Domain Controller"
> trust account password.
Luke,
I find this conclusion to be rather odd. There are plenty of files in the
/etc directory on all my RedHat systems which are only readable by root,
the most notable being /etc/shadow. Have you encountered real-world cases
of users/admins changing the permissions on /etc/smbpasswd after it has
been properly installed root-only, or are you extrapolating based on what
you know of the intelligence of the average RedHat user? ;)
I don't see why anyone with legitimate root-access to a system would
willfully go about changing permissions on files if they don't understand
what those files are. I also don't see how moving the file to a
subdirectory will make a difference: the admin can just as easily chmod
the private directory as he can the smbpasswd file, so moving the file to
a subdirectory doesn't get you all that much security.
As long as the RPM properly installs the files root-only, and as long as
*Samba* properly secures all of the .mac files upon creation instead of
making unsafe assumptions about directory permissions, then /etc should be
just as safe as anywhere else.
Also, please note that RedHat themselves are not the only ones creating
RPMs with these settings. If you take a look at samba.org's ftp site,
you'll find that the RPMs provided there use the same directory structure.
Here's a look at one such package:
$ rpm -qi samba
Name : samba Relocations: (not relocateable)
Version : 2.0.6 Vendor: (none)
Release : 19991110 Build Date: Wed 10 Nov 1999 11:05:24 PM CST
Install date: Sun 05 Dec 1999 04:26:11 PM CST Build Host: arvidsjaur
Group : Networking Source RPM: samba-2.0.6-19991110.src.rpm
Size : 7536253 License: GNU GPL version 2
Packager : John H Terpstra [Samba-Team] <jht at samba.org>
...so perhaps this should be discussed more thoroughly among the members
of the Samba Team before you start scaring the distribution maintainers?
:)
-Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list