/proc doesn't work with Samba
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Thu Jun 24 21:44:22 GMT 1999
> -----Original Message-----
> From: Gerald Carter [SMTP:cartegw at Eng.Auburn.EDU]
> Sent: Thursday, June 24, 1999 17:05
> To: Multiple recipients of list
> Subject: Re: /proc doesn't work with Samba
>
> Dan Kaminsky wrote:
> >
> > It's not the place of the file sharing architecture
> > to define which files are "too important" to allow
> > remote access to. Is /proc a serious security risk if
> > the nobody user can read it? I mean, there's no reason
> > that you can't set the access user on the /proc share
> > to "nobody".
>
> Maybe I missed something here and so I've got to ask...
>
>
> **Why in the world would you want to share /proc???
>
I suspect it's being shared as part of a share exporting the root
directory. I usually use "dont descend" in these cases, anyway (i.e. for
/dev and /proc). There are more convenience/saftey issues than there are
security issues, really:
You generally don't want to be exporting /dev, as a user poking
around in Windows Explorer who happens, for instance, to have read access to
an auto-rewind tape device (i.e. they're some sort of demi-admin on the Unix
side) could end up suprising someone else when the tape drive tries to
rewind as the poor sap is in the middle of loading it... /dev, especially in
the Land of Big Iron, has just a little too much influence on the Real World
to be casually poked from Explorer. I imagine opening /dev/zero in a text
editor might yield some interesting effects in your network, too.
/proc can do some funky things to Explorer, too, if it tries to
recurse into it to compute directory sizes; think infinite recursion.
(note for dont descend; for a root directory share, omit the leading
slashes)
More information about the samba-technical
mailing list