Testing of Security vulnerability

John E. Malmberg malmberg at Encompasserve.org
Wed Apr 25 21:02:01 GMT 2001

Regarding the fix in the 2.0.8 / 2.2.0 release.

I need someone to send me privately either the instructions to test
SAMBA on OpenVMS for the security vulnerability.

Or to confirm based on the following that SAMBA on the OpenVMS platform is
not vulnerable.

1. OpenVMS does not implement SYMBOLIC LINKS in any shipping release.

2. OpenVMS does not allow raw access to any file structured device via
   any of the syscalls used by SAMBA unless the System Administrator has
   made a strange change to the SAMBA startup scripts.  And even if this
   strange change was made, I have not found any code paths that allow
   the corruption of the file data.

3. Because of the way /tmp is handled by SAMBA on OpenVMS, it is not real
   likely that creative relative path "../../" stuff will result in
   anything other than an error return.

It is unlikely that I will be able to build an updated release for a
while, so it would be nice to establish the risk for the OpenVMS platform
for the existing SAMBA 1.19.x, 2.0.3, and 2.0.6 releases.

Malmberg at encompasserve.organization
wb8tyw at qsl.network

More information about the samba-technical mailing list