BugTraq Post: Symlink attack in (all?) Samba. - Local root walkthrough by Tozz
Robert Dahlem
Robert.Dahlem at gmx.net
Fri Dec 15 08:26:33 GMT 2000
Scott,
On 15 Dec 2000 00:54:17 -0500, Scott Gifford wrote:
>This was posted to BugTraq earlier today; thought I'd put a copy here
>in case anybody hadn't seen it.
>
>I don't think that this "attack" is particularly surprising.
>Basically, he is leveraging a Samba "admin user" account into a UNIX
>root account, using a symlink (created from a shell) to get outside
>of the share.
Too many twits on bugtraq. :-(
man smb.conf reveals (to everyone's surprise):

    admin users (S)
        This is a list of users who will be granted administrative
        privileges on the share. This means that they will do all
        file operations as the super-user (root).

        You should use this option very carefully, as any user in
        this list will be able to do anything they like on the
        share, irrespective of file permissions.
I stopped reading bugtraq a while ago. Every second script kid thinks
he is Guninski.
Regards,
Robert
--
---------------------------------------------------------------
Robert.Dahlem at gmx.net Fax +49-69-432647
---------------------------------------------------------------
Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.
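A defender's check for the parameter quoted above, added here as an example and not part of the original thread: it parses an smb.conf and lists every share that names "admin users" (root-equivalent on that share) together with whether the share's symlink settings let a link resolve outside the share. The "wide links" and "follow symlinks" parameters and the defaults applied (follow symlinks = yes, wide links = no) are assumptions taken from later Samba releases, not from the post; the configuration is constructed.

```python
import re

# Constructed sample configuration, not a real one.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   wide links = no

[pub]
   path = /srv/pub
   admin users = alice, @staff
   wide links = yes
   follow symlinks = yes

[archive]
   path = /srv/archive
   admin users = bob
"""

def parse_smb_conf(text):
    """Return {section: {key: value}}, keys lower-cased, whitespace collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':  # whole-line comments only
            continue
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif '=' in line and section is not None:
            key, value = line.split('=', 1)
            conf[section][' '.join(key.lower().split())] = value.strip()
    return conf

def audit_admin_users(text):
    """List (share, admin users, symlink_can_escape) for shares setting 'admin users'."""
    conf = parse_smb_conf(text)
    glob = conf.get('global', {})  # share-level values override [global]
    findings = []
    for share, opts in conf.items():
        if share == 'global' or 'admin users' not in opts:
            continue
        users = [u for u in re.split(r'[,\s]+', opts['admin users']) if u]
        def on(name, default):  # assumed defaults: follow symlinks=yes, wide links=no
            return opts.get(name, glob.get(name, default)).lower() in ('yes', 'true', '1')
        # With wide links on, a symlink inside the share can resolve outside it.
        findings.append((share, users, on('follow symlinks', 'yes') and on('wide links', 'no')))
    return findings
```

Calling `audit_admin_users(SAMPLE_SMB_CONF)` reports both shares; only `[pub]` combines root-equivalent users with symlinks that may leave the share.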