Combined use of samba cvs main and SAMBA_TNG

Luke Kenneth Casson Leighton lkcl at
Tue Jan 4 06:00:16 GMT 2000

On Mon, 3 Jan 2000, Jeremy Allison wrote:

> Luke Kenneth Casson Leighton wrote:
> > the cvs main smbd will automatically check for the msrpc services running
> > [from the SAMBA_TNG branch].  if it doesn't find them, cvs main smbd will
> > fall back to using its own, internal msrpc code.
> Unfortunately I'm not *amazingly* happy with the code
> changes as they seem to be a bit big and touch a lot of
> subsystems.
> I note that when you open the pipe in the lock directory
> you do *no* permissions checking to ensure that this pipe
> was created by a root level process. 

ok... how do you do that?  remember, i'm not a unix person..  i'm not
actually even an nt person!  i'm a really odd mixture of unix concepts and
nt concepts, mostly derived from studying the wire!
> Passing off authentication requests to whichever process
> created the pipe may be considered, well, suspect.

the pipe is created by root, and is chmodded to 600 (if that's possible)
and the directory chomdded to 700.

you reckon i's suficient to read the directory permissions, and if they're
not 0700, drop the connection?

> I'm not sure the code you wrote is a security problem, but
> I need to think about potential exploits and be concerned
> here I think.

> I'm not going to revert the changes you made, I'm going
> to let Andrew take a look and decide first, as he is 
> officially in charge of HEAD.

one way to get a security review is to chuck code at people.  andrew
looked at that stuff already, and made some very useful comments on it.
now you've taken a peek and pointed out somethng else.

this ois cool!  we should do this more often!
 > Please don't put
these changes into the 2_0_X branches > yet.


More information about the samba-technical mailing list