libsmbclient and browsing NT and Win9X workgroups:
Evidence of bad things
Richard Sharpe
sharpe at ns.aus.com
Fri Feb 16 04:10:56 GMT 2001
At 02:12 PM 2/16/01 +1100, Andrew Tridgell wrote:
>> Hmmmm, if nmbd is not running when the user does an smbc_init, things are
>> not likely to be reliable ... so we must start nmbd, which means that I
>> need an SUID wrapper to start nmbd.
>
>no, you should either report an error or you should fall back to an
>alternative set of code (it is quite possible to browse without
>getbackuplist - it just requires some nasty NBT hacks).
Examples please?
>auto-launching nmbd is bad because the sysadmin might have quite
>deliberately left it off, or the config file might have some error in
>it that opens a security hole.
>
>I know that user conveniece is important, but security is more so :)
Yes, I agree ...
>Cheers, Tridge
>
Regards
-------
Richard Sharpe, sharpe at ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
More information about the samba-technical
mailing list