WinXP SP2 security zones, streams and Samba
Alexander E. Patrakov
patrakov at ums.usu.ru
Sun Aug 22 05:30:49 GMT 2004
Andrew Bartlett wrote:
> I was pointed at: http://www.heise.de/security/artikel/50051/0
>
> While the various 'get around zones' measures presented here are classic
> goofs, the one that worries me is the need for the filesystem to
> implement streams, and while MS can easily 'explain away' FAT use, I
> think Samba falls into the same category.
>
> I understand we now support OS/2 extended attributes, but it looks like
> full NT stream support might be something we need sooner rather than
> later. When I get some time I'll play about with my WinXP SP2 machine,
> and see how this really works, but I figured it would be worth posting
> the heads-up.
>
> Naturally, this opens up a whole can of worms, particularly as every
> other application will also want to use them.
Maybe (in SAMBA 5.0) we should also offer, due to increasing differences
between "file", "access rights" and similar notions in UNIX and Windows,
an option to serve fully-windows-compatible shares not from normal UNIX
directories, but from some kind of databases (binary blobs, maybe even DB4).
--
Alexander E. Patrakov
More information about the samba-technical
mailing list