Combined use of samba cvs main and SAMBA_TNG
Jeremy Allison
jeremy at valinux.com
Mon Jan 3 23:12:43 GMT 2000
Luke Kenneth Casson Leighton wrote:

> the cvs main smbd will automatically check for the msrpc services running
> [from the SAMBA_TNG branch]. if it doesn't find them, cvs main smbd will
> fall back to using its own, internal msrpc code.

Unfortunately I'm not *amazingly* happy with the code
changes as they seem to be a bit big and touch a lot of
subsystems.

I note that when you open the pipe in the lock directory
you do *no* permissions checking to ensure that this pipe
was created by a root level process.

Passing off authentication requests to whichever process
created the pipe may be considered, well, suspect.

I'm not sure the code you wrote is a security problem, but
I need to think about potential exploits and be concerned
here I think.

I'm not going to revert the changes you made, I'm going
to let Andrew take a look and decide first, as he is
officially in charge of HEAD.

Please don't put these changes into the 2_0_X branches
yet.

Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
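
The permission check the message says is missing, as an added example that is not part of the original e-mail or of the Samba source: before handing requests to a pipe in the lock directory, confirm that both the directory and the pipe are owned by the trusted uid and writable by nobody else. The function names, the assumption that the pipe is a FIFO, and the command-line usage are illustrative assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Owned by the trusted uid and writable by nobody else. */
static int owner_only(const struct stat *st, uid_t trusted)
{
    return st->st_uid == trusted && !(st->st_mode & (S_IWGRP | S_IWOTH));
}

/*
 * Hypothetical helper (not Samba's API); assumes the pipe is a FIFO.
 * Opens dir/name for writing only if both belong to `trusted`.
 * Returns a write fd, or -1 so the caller can fall back to internal code.
 */
int open_trusted_pipe(const char *dir, const char *name, uid_t trusted)
{
    struct stat ds, ps;
    int fd = -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);

    if (dfd < 0)
        return -1;
    /* The directory decides who may replace the pipe, so vet it first. */
    if (fstat(dfd, &ds) != 0 || !owner_only(&ds, trusted))
        goto out;
    /* O_NONBLOCK: fail with ENXIO when no daemon is reading, never hang. */
    fd = openat(dfd, name, O_WRONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        goto out;
    /* Check the object actually opened (fstat), not the path (stat). */
    if (fstat(fd, &ps) != 0 || !S_ISFIFO(ps.st_mode) || !owner_only(&ps, trusted)) {
        close(fd);
        fd = -1;
    }
out:
    close(dfd);
    return fd;
}

int main(int argc, char **argv)
{   /* Usage: ./a.out LOCKDIR PIPENAME ; trusts uid 0 (root). */
    int fd = argc == 3 ? open_trusted_pipe(argv[1], argv[2], 0) : -1;
    puts(fd >= 0 ? "pipe trusted" : "pipe rejected: use internal msrpc code");
    return fd >= 0 ? 0 : 1;
}
```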