Samba 2.0.9 release - SECURITY FIX

okuyamak at dd.iij4u.or.jp okuyamak at dd.iij4u.or.jp
Sat May 12 01:45:46 GMT 2001


Dear Mike,

>>>>> "MS" == Michael Sweet <mike at easysw.com> writes:
>> 3) In 'samba/examples/' of both 2.2.0 and 2.0.*, there are many
>> smb.conf examples. And in them, you give (commented out,
>> though) an example of how to share /tmp among people.
>> Won't this become a problem? I mean, letting people open
>> files inside the /tmp directory does have a chance of stepping onto
>> other people's temporary files, doesn't it?
MS> Not as long as the "sticky" bit is properly set on the share and
MS> the SAMBA usernames map to unique UNIX usernames...

DOUBT.

1) That's only protectable if Samba does not have any bugs.
  Since smbd has root permission as its default status, even if
  a /tmp file has all the proper attributes, smbd still has a chance
  of changing that file.

    The cracker might not have a chance of controlling "all" the
  functionality attached to smbd, but might have "some".
  For example, the cracker might not have the functionality of adding
  a new "shared directories list", and still can do only limited
  things ( like changing existing files only ).

    We can't assume that an attack being held against Samba will result
  in all or nothing ( meaning the cracker got a root permission process
  and can do anything he/she likes, or failed in cracking ).
    Current Samba is still being made in very CARELESS status.
  mktemp() problem is only those of "well known".

2) How can you have such a pretension?
   Even if Samba itself did not have a bug, if some other program
   did have a bug, and also, if a Windows client was being cracked,
   Samba will have a chance of 'giving a hand' to the cracker.

   I'm not saying that the example cracking is being caused by Samba.
   But ... it's like a carelessly set MTA which re-sends
   SPAM. We should not make Samba in a careless setting status.
   We can make this kind of chance less, by not giving an example of
   how to share /tmp, nor any other directories with dangerous
   possibilities.


So I think, at least, we should not give users a bad example.

# And after all, what we should do quickly is simple.
# Just remove those /tmp examples from the smb.conf examples.
# It's not that hard nor difficult, is it?
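
An added example, not part of the original post or of Samba: a small audit that lists shares in an smb.conf whose path is a world-writable directory such as /tmp, and reports whether the sticky bit the quoted reply relies on is set. The sample configuration is constructed, and `parse_shares` and `audit` are hypothetical names.

```python
import os
import stat

# Constructed sample, modelled on the kind of /tmp share the post discusses.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes
[docs]
   Path = /srv/docs
   read only = yes
"""

def parse_shares(text):
    """Return {section: {parameter: value}} from smb.conf-style text."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current["".join(key.split()).lower()] = value.strip()
    return shares

def audit(text, stat_fn=os.stat):
    """List (share, path, note) for shares exporting a world-writable directory."""
    findings = []
    for name, params in parse_shares(text).items():
        path = params.get("path") or params.get("directory")  # synonyms
        if name == "global" or not path:
            continue
        try:
            mode = stat_fn(path).st_mode
        except OSError:                      # path missing on this host
            continue
        if mode & stat.S_IWOTH:
            sticky = bool(mode & stat.S_ISVTX)
            findings.append((name, path, "sticky bit set" if sticky else "NO sticky bit"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A share reported with the sticky bit set is still exported world-writable, which is the case the post argues should not be offered as an example; the report is a review list, not a pass/fail verdict.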



