Users able to execute windows .exe though execute bit not set

Esh, Andrew Andrew_Esh at adaptec.com
Tue Apr 1 22:22:33 GMT 2003


Perhaps you're thinking of the setuid/setgid/sticky bits. This is why I
referred the question to Jeremy Allison. He (literally) wrote the book on
this. I'd quote from his CIFS presentation, but I can't find it online, and
I don't have my copy with me.

There should also be some consideration of the security implications. If
someone can use a Windows mount to push a file onto a Unix server, and get
its execute and setuid bits set, they could run the program as the Unix
user who writes files on the share. It may not be much of a hole, but it is
one.

This is why I think there should be no mapping between Windows and Unix, and
only an ACL which controls execute permission for Windows. The functionality
would be there for both systems, but neither could easily affect the other.

-----Original Message-----
From: David Brodbeck [mailto:DavidB at mail.interclean.com]
Sent: Tuesday, April 01, 2003 3:48 PM
To: 'Jim McDonough'; Esh, Andrew
Cc: John H Terpstra; samba-technical at lists.samba.org; Nick Drouet;
samba-technical-bounces+jmcd=samba.org at lists.samba.org
Subject: RE: Users able to execute windows .exe though execute bit not set




> -----Original Message-----
> From: Jim McDonough [mailto:jmcd at us.ibm.com]

> The unix "x" bit is a perfectly reasonable place to
> store this, and unix has the same problems windows does...if you can read
> it, you can copy it and change the bits in your own copy.

Isn't the UNIX "x" bit already taken?  I thought it was being used to map
one of the other DOS mode bits.

