SAMBA-TECHNICAL digest 865
davecb at canada.sun.com
Mon Oct 4 12:27:49 GMT 1999
Jeremy Allison <jallison at cthulhu.engr.sgi.com> wrote:
> 1). Evil Hacker (tm) crashes the real NT PDC (quite easy I'm
> afraid if it has a TCP port 139 open).
> 2). Evil Hacker (tm) sets their own laptop up as a logon
> server and registers the 1C name for the domain (which they
> can now do as the PDC is down).
> 3). Evil Hacker (tm) uses smbclient to connect as user "root"
> to a Samba server, and sets his own laptop to allow any password
> authentication for the user "root"......
This is exactly what a hacker in Kansas did with
a Yellow Pages server he subverted in Canada, in
an attack on a client in Japan, circa 1990.
The international phone call, in the middle of
the night, was something of a "security wake-up call"
for my organization (;-))
I recommend the Samba team be a bit cautious about
reproducing the problem.
However, you might instead wish to consider this
as a different problem:
Time Towers wrote:
> If there was a %D substitution for workgroup/domain
> then "password server = $d.ntpdc.whatever" could be
> used to automatically configure it using DNS,
This sounds more like as an opportunity
to consider parameterization of smb.conf files.
What, if anything, do you plan to do in the
foreseeable future towards such site-local changes?
If you don't want to add more complexity to the
file and SWAT, it could be treated as a Unix
problem instead of a Samba problem: the sites
desiring centrally maintained .conf files might
use m4 macros to edit the scripts, possibly under
the control of track or rdist.
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | http://java.science.yorku.ca/~davecb
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical