Security issue with Scheduled (AT) jobs on NTworkstation and SAMBA

Tue Apr 9 09:05:02 GMT 2002

Jeremy,

Thanks for your quick reply, sorry I couldn't be as quick in confirming the
issue has been resolved in later versions specifically SAMBA 2.2.1.

Thanks,

Kevin K. Sochacki
ExxonMobil Research & Engineering
1545 Route 22 East
Annandale, NJ 08801

Room: CB042B
Phone: 908-730-2911
Fax: 908-730-3823
Cell: 908-482-0840
mailto:kevin.k.sochacki at exxonmobil.com

                    jra at samba.org (Jeremy                                                                                   
                    Allison)                         To:     kevin.k.sochacki at exxonmobil.com                                
                    Sent by:                         cc:     samba-technical at lists.samba.org                                
                    samba-technical-admin at lists      Subject:     Re: Security issue with Scheduled (AT) jobs on            
                    .samba.org                         NTworkstation and SAMBA                                              

                    04/01/02 08:50 PM                                                                                       

On Mon, Apr 01, 2002 at 05:30:44PM -0500, kevin.k.sochacki at exxonmobil.com
wrote:
> I use the Scheduler to run a process on a NT workstation that attaches to
a
> SAMBA (SAMBA 2.0.6 on RH 6.2) share as a specific user (USER1),  if
another
> user (USER2) logs onto the system and the link is still established the
> other user (USER2) can access the first user's (USER1) data.  The logged
on
> user (USER2) does not have an account on the SAMBA server and shouldn't
be
> able to access anything and this is true as long as the first user's
> (USER1) link is not established.  If I do the same thing to a NT Server
the
> logged-in user (USER2) is denied access to the data even though the link
is
> established.  This is a pretty serious security issue.   Can anyone
answer
> the following question or have any ideal how to close this rather large
> security hole?
>
> Is there a SAMBA configuration parameter that I'm not aware of that
> addresses this issue?
> or
> Is this a NT workstations issue?
> If it is a NT issue, why so if the problem does not occur with a NT
Server?
>
> Attached is a simple example of a batch file, if run from the scheduler
> will duplicate the problem.
>
> (See attached file: link.bat)
>
> Currently the only work around I have is to use the '/persistent=no' and
> '/d' flags with 'net use' so the link is disconnected after the process
is
> done.  The intention is to update a database with data being collected
from
> research instruments which could run for hours making it a huge security
> risk.

There was a bug with early versions of Samba 2.0 (and previous)
that allowed an open file by a privilaged user to be read by an
unprivilaged user on the same client machine.

I fixed this in the 2.0.x codebase (can't remember the exact
release, I can look this up from the CVS logs) - the original
bug was reported by Rational software (thanks to them). Let me
know if you really need to know what version of 2.0.x fixed
this problem.

This was definately fixed for 2.2.x and is not a current issue.
There are other security related problems with the code you are
running, I seriously suggest you upgrade.

Regards,

           Jeremy Allison,
           Samba Team.