libsmbclient and browsing NT and Win9X workgroups: Evidence of bad things

Steve Langasek vorlon at netexpress.net
Fri Feb 16 16:17:19 GMT 2001


Simo,

> > Hmmmm, if nmbd is not running when the user does an smbc_init, things are
> > not likely to be reliable ... so we must start nmbd, which means that I
> > need an SUID wrapper to start nmbd.

> What about a setuid nmbd ?

Since nmbd was not written to be an suid binary, this would open up a window
of opportunity during which nmbd would be vulnerable.  The Samba code is very
good, but suddenly making this program suid opens up a whole range of
possibilities: what if a user runs nmbd with a -s option that points to a file
in their home directory?  This could be a serious DoS.

Steve Langasek
postmodern programmer
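As an added illustration of the point in the message above (not part of the original post and not Samba code): a program written to run setuid has to treat a caller-chosen config path, such as one given with `-s`, as untrusted input. The helper name `open_config_checked` and its policy (regular file, owned by the privileged uid, not group- or world-writable) are assumptions made for this sketch; it does not check the directories leading to the file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns a read-only fd for the config file, or -1
 * if the file is refused. ruid/euid are parameters so the policy can be
 * exercised without installing a setuid binary; real code would pass
 * getuid() and geteuid(). */
int open_config_checked(const char *path, uid_t ruid, uid_t euid)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang if the path names a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Inspect the object that was opened, not the path, so the file
     * cannot be swapped between the check and the use. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        goto refuse;
    if (ruid != euid) {
        /* Running with elevated privileges: the invoking user picked
         * this path, so only accept a file they could not have written. */
        if (st.st_uid != euid)
            goto refuse;
        if (st.st_mode & (S_IWGRP | S_IWOTH))
            goto refuse;
    }
    return fd;
refuse:
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s CONFIG\n", argv[0]);
        return 2;
    }
    int fd = open_config_checked(argv[1], getuid(), geteuid());
    puts(fd >= 0 ? "config accepted" : "config refused");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```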




