libsmbclient and browsing NT and Win9X workgroups: Evidence of bad things

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Fri Feb 16 15:01:56 GMT 2001


Richard,
I agree; launching nmbd in the background has a lot of downsides.  I liked
the idea of being able to put your own listener on that port if nmbd wasn't
running, but again the objections brought up for this are unfortunately
valid (imho).
While it's VERY painful to have to tie a library to a specific version of a
daemon, it sounds like this is the least dangerous option.  Key would be to
make it VERY debuggable (meaning supportable).  Document the hell out of the
dependency wherever you can, and if you fail the dependency test at
runtime, make sure you syslog it.
I am pretty strictly on the support and cpe side of NOS products for HP, so
don't deal with appliances, etc generally.  But seems to me that by
introducing this dependence, we are going to be putting people in the
position of having to update Samba to a new version in order to use this,
and that is always painful. Not from a standpoint of the actual update
itself, but the inevitable testing and unexpected behavior changes that
always come with new versions of software.  It's a shame that nmbd and smbd
are so tied together; Ideal world would allow for an update to the nmbd
daemon, while leaving the workhorse smbd unupdated, and thus most visible
user behavior unchanged.
Don


-----Original Message-----
From: Andrew Tridgell [mailto:tridge at samba.org]
Sent: Thursday, February 15, 2001 10:13 PM
To: sharpe at ns.aus.com
Cc: samba-technical at us5.samba.org
Subject: Re: libsmbclient and browsing NT and Win9X workgroups: Evidence
of bad things


> Hmmmm, if nmbd is not running when the user does an smbc_init, things are
> not likely to be reliable ... so we must start nmbd, which means that I
> need an SUID wrapper to start nmbd.

no, you should either report an error or you should fall back to an
alternative set of code (it is quite possible to browse without
getbackuplist - it just requires some nasty NBT hacks).

auto-launching nmbd is bad because the sysadmin might have quite
deliberately left it off, or the config file might have some error in
it that opens a security hole.

I know that user convenience is important, but security is more so :)

Cheers, Tridge
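
The two recommendations in this thread (report an error instead of auto-launching nmbd, and syslog a failed dependency test) sketched as an added example; it is not part of either message and not Samba code. The pid-file liveness probe, the function names and the syslog ident are assumptions, since the thread does not say how libsmbclient would detect nmbd.

```c
/* Added example, not Samba code: fail closed when nmbd is absent. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <syslog.h>
#include <unistd.h>
enum dep_status { DEP_OK, DEP_NO_PIDFILE, DEP_BAD_PIDFILE, DEP_NOT_RUNNING };

/* Liveness check against a pid file. It never starts the daemon. */
enum dep_status check_daemon_dependency(const char *pidfile)
{
    long pid = 0;
    FILE *fp = fopen(pidfile, "r");
    if (fp == NULL)
        return DEP_NO_PIDFILE;
    int n = fscanf(fp, "%ld", &pid);
    fclose(fp);
    /* Reject 0 and negatives: kill() treats them as process groups. */
    if (n != 1 || pid <= 0)
        return DEP_BAD_PIDFILE;
    /* Signal 0 only probes. EPERM still means "exists": the daemon may
     * run as root while the library caller is an ordinary user. */
    if (kill((pid_t)pid, 0) == 0 || errno == EPERM)
        return DEP_OK;
    return DEP_NOT_RUNNING;
}

/* Hypothetical init wrapper: log the reason and return an error. */
int client_init_checked(const char *pidfile)
{
    static const char *const why[] = {
        "ok", "pid file missing", "pid file unparsable", "process not running"
    };
    enum dep_status st = check_daemon_dependency(pidfile);
    if (st == DEP_OK)
        return 0;
    openlog("smbclient-example", LOG_PID, LOG_USER);
    syslog(LOG_ERR, "nmbd dependency check failed (%s: %s); not starting nmbd",
           pidfile, why[st]);
    closelog();
    return -1;
}

int main(int argc, char **argv)
{
    /* The pid-file location is site-specific; pass it as an argument. */
    return (argc > 1 && client_init_checked(argv[1]) == 0) ? 0 : 1;
}
```

A pid file can outlive its process and the PID can be reused, so DEP_OK is a hint that the daemon is up, not proof.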



