Safe netbios characters
don_mccall at hp.com
Thu Jan 17 14:38:07 GMT 2002
I have to agree - we have already seen last year a couple of 'attacks' via
the macros with usernames/machinenames (I forget which) where having a
couple of dots in it allowed the macros to 'climb' back up the tree to
execute.... We need to be careful here...
my 2 cents worth,
From: Andrew Bartlett [mailto:abartlet at pcug.org.au]
Sent: Thursday, January 17, 2002 4:59 PM
To: TAKAHASHI Motonobu
Cc: tpot at samba.org; jholland at cs.selu.edu;
samba-technical at lists.samba.org
Subject: Re: Safe netbios characters
TAKAHASHI Motonobu wrote:
> Tim Potter wrote:
> >I'm not sure whether this patch is complete. According to the User
> >Manager the following characters can't be present in a username:
> >Not sure about domain names though. Also the space character is
> >specifically allowed in both domain and usernames!
> If you imagine Japanese, more and more characters should be available.
> "What character is valid" depends on the codepage, so it should depend
> on "client code page" parameter if strictly or all characters except
> some dangerous chars need to be available, I think.
If we do it that way we *will* miss some.
The idea is that this check is *paranoid*. All efforts to change
'alpha_strcpy' to be less paranoid will meet with my strongest
opposition. This includes efforts to make it 'multibyte aware'.
This code is there because people use these variables in % macro
expansion. As such we need this paranoia.
When I get a chance I intend to allow at least some more flexibility in
HEAD by allowing strange characters in the name we use for processing
username maps and the name we pass to the DC but not the name we use for
the %U expansions.
I have not yet looked at what to do for actual unix usernames.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
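The paranoid filter Andrew describes, followed by a toy version of the % macro expansion it protects, as an added example written for this page: it is not Samba's alpha_strcpy, and the extra safe set "-_." and the helper names are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* Paranoid copy in the spirit the thread describes for alpha_strcpy: keep ASCII
 * letters and digits plus the caller's other_safe_chars, turn every other byte
 * into '_'. Deliberately not multibyte aware. Added example, not Samba's code. */
void paranoid_strcpy(char *dest, const char *src,
                     const char *other_safe_chars, size_t maxlength)
{
    size_t i, len;
    if (maxlength == 0) return;
    if (!src) { dest[0] = '\0'; return; }
    len = strlen(src);
    if (len >= maxlength) len = maxlength - 1;   /* truncate, never overflow */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x80 && isalnum(c)) dest[i] = (char)c;
        else if (strchr(other_safe_chars, c)) dest[i] = (char)c;
        else dest[i] = '_';
    }
    dest[i] = '\0';
}

/* Toy stand-in for %-macro expansion: replace each "%U" in tmpl with value. */
void expand_percent_u(char *out, size_t outlen, const char *tmpl, const char *value)
{
    size_t o = 0;
    for (const char *p = tmpl; *p && o + 1 < outlen; p++) {
        if (p[0] == '%' && p[1] == 'U') {
            size_t n = strlen(value);
            if (o + n >= outlen) n = outlen - 1 - o;
            memcpy(out + o, value, n);
            o += n;
            p++;                                  /* skip the 'U' */
        } else {
            out[o++] = *p;
        }
    }
    out[o] = '\0';
}

/* Sanitize a username with the extra safe set "-_." (an assumption for this
 * example), expand it into a path template and return the resulting path. */
const char *sanitized_path(const char *tmpl, const char *name)
{
    static char clean[64], path[160];
    paranoid_strcpy(clean, name, "-_.", sizeof(clean));
    expand_percent_u(path, sizeof(path), tmpl, clean);
    return path;
}
```

Because every '/' becomes '_', a name containing dots can no longer climb out of the directory the template places it in, and any non-ASCII byte (for example from a Japanese codepage) is also flattened to '_', which is exactly the trade-off the thread argues over.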