CVS update: samba/source/smbd
Gerald (Jerry) Carter
jerry at samba.org
Sun Jul 13 02:17:38 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 12 Jul 2003, Volker Lendecke wrote:
> On Fri, Jul 11, 2003 at 02:49:44PM -0500, Gerald (Jerry) Carter wrote:
> > if we don't know a sid, then we can't do anything about it. I
> > know all the discussion surrounding it, but it was something we
> > had to give up to get some of the other things working. Sorry about
> > your article. If you can describe a solution within the current
> > framework, I'll gladly listen.
>
> That's what my patch had tried to fix. I don't know what else I broke,
> but with that patch it worked. Could you tell what part of my logic was
> wrong?
See my response to bartlet on samba-technical wrt to unknown SIDs.
I remember your patch didn't use the winbindd_sid_to_uid_query() call
like the original code, but given that the original code was wrong
this is kind of a moot point.
I looked over your patch again and I see how it would allocate a uid
for an unknown SID, but I think this opens us up to a DoS attack.
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE/EMFCIR7qMdg1EfYRAi7uAJ9lnF+oiqCZXanolZQ2GqDfYa0w4gCeLAS6
4Q2bNLBWVUick4GgYNB4ITE=
=lAIz
-----END PGP SIGNATURE-----