kalele at veritas.com
Wed Oct 29 20:59:14 GMT 2003
Sorry, Jeremy, given that there's no spec, the old what-ms-does-is-correct
rule will have to apply here. But you're right that this seems like a
security flaw, allowing a view into the dfs topology with no
On Tue, Oct 28, 2003 at 01:25:37AM +0000, Jeremy Allison wrote:
> Hmmm. Whilst fixing bug #667 I think I've noticed that a W2K SP4
> redirectory will sometimes do call_trans2getdfsreferral() IPC$
> calls as the anonymous user for DFS paths returned from a logged
> in user. It doesn't seem to care that it shouldn't have the
> privillages to look up this path (and indeed in Samba it doesn't).
> I wonder if this is a security flaw in the W2K MSDFS server code
> that it must allow the W2K redirector to do this.
> I can emulate it of course by becoming root before doing the DFS
> lookup, I'm just not sure I should.
> Shirish, or anyone working on the DFS code, any ideas ?
More information about the samba-technical