Need to map SIDs for unknown users
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Jul 13 11:03:23 GMT 2003
On Sat, Jul 12, 2003 at 09:09:18PM -0500, Gerald (Jerry) Carter wrote:
> Unless we know a SID is valid, I don't believe we should allocate
> any uid or gid for it.
The most striking example for the need of this was described by tridge
at SambaXP: Backup of arbitrary servers or user's local directories in a
workgroup environment. We move so close towards NT that I would really
like to take this last step as well.
I do see that we have a potential DoS scenario here, but I don't really
see how this can create a security problem. If the uid space is
exhausted, we should return an appropriate error code. For certain
specialized scenarios we might also create a little cleanup tool that
scans filesystems for id's and purges the unused ones. I know that this
is a problem with backups, but it might help the conscious admin.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030713/ab7ff436/attachment.bin
More information about the samba-technical
mailing list