smbsh issues w/ samba-2.0.7
David.Collier-Brown at canada.sun.com
Fri Nov 3 12:53:24 GMT 2000
"Jason Haar" wrote:
> Yeah - but weren't the glibc features removed, removed due to security
> problems? If so, should smbsh use such calls anyway?
They broke LD_PRELOAD, but not LD_LIBRARY_PATH,
so whatever security problems there were still
exist. All LD_PRELOAD does is provide a "list
of shared objects that are to be interpreted
by the runtime linker. The specified shared
objects are linked after the program is
executed but before any other shared objects
that the program references". (Solaris man page)
The security issue is running any setuid-root
program with a library outside of /usr/lib and
/etc/lib. Solaris' ld substitutes the proper
path and ignores both LD_PRELOAD and LD_LIBRARY_PATH.
> For the brief time smbsh existed under RedHat 5.x (old glibc), I got majorly
> into it - it certainly beats the socks off smbmount in terms of
> functionality (gives you Network Neighbourhood, "automount" of all servers
> simultaneously, etc, etc).
> Now we have a Samba-world where Linux has smbmount and everyone else has
> smbsh :-(
Which is arguably a bad move!
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
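
The following is an added example, not part of the original message or of Samba: a small audit helper that counts LD_LIBRARY_PATH and LD_PRELOAD entries falling outside the trusted directories named in the message. The function names are hypothetical, and the separator and empty-entry handling follow glibc conventions as an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Trusted directories exactly as named in the message above. */
static const char *const TRUSTED[] = { "/usr/lib", "/etc/lib" };

/* Absolute, free of ".." components, and inside a trusted directory? */
static int entry_trusted(const char *e, size_t len) {
    if (len == 0 || e[0] != '/') return 0;
    for (size_t i = 0; i + 2 < len; i++)          /* reject "/.." components */
        if (e[i] == '/' && e[i+1] == '.' && e[i+2] == '.' &&
            (i + 3 == len || e[i+3] == '/')) return 0;
    for (size_t t = 0; t < sizeof TRUSTED / sizeof *TRUSTED; t++) {
        size_t d = strlen(TRUSTED[t]);
        /* match whole components so "/usr/libfoo" is not taken for "/usr/lib" */
        if (len >= d && strncmp(e, TRUSTED[t], d) == 0 &&
            (len == d || e[d] == '/')) return 1;
    }
    return 0;
}

/* Count entries of a loader variable that fall outside the trusted set.
 * seps: separator characters (assumed glibc conventions); empty_is_cwd:
 * count an empty entry as untrusted, since in a glibc search path it
 * means the current directory. */
int count_untrusted(const char *value, const char *seps, int empty_is_cwd) {
    int bad = 0;
    if (value == NULL || *value == '\0') return 0;
    for (const char *p = value;; ) {
        size_t len = strcspn(p, seps);
        if (len == 0) bad += empty_is_cwd ? 1 : 0;
        else if (!entry_trusted(p, len)) bad++;
        if (p[len] == '\0') break;
        p += len + 1;
    }
    return bad;
}

int main(void) {
    int n = count_untrusted(getenv("LD_LIBRARY_PATH"), ":", 1)
          + count_untrusted(getenv("LD_PRELOAD"), ": ", 0);
    printf("untrusted loader entries: %d (uid %ld, euid %ld)\n",
           n, (long)getuid(), (long)geteuid());
    return n != 0;
}
```

The exit status is non-zero when any entry is outside the trusted set, so the check can gate a wrapper script or a login-time audit.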