WinXP SP2 security zones, streams and Samba

Alexander Bokovoy ab at samba.org
Sun Aug 22 07:18:05 GMT 2004


On Sun, Aug 22, 2004 at 11:30:49AM +0600, Alexander E. Patrakov wrote:
> Andrew Bartlett wrote:
> >I was pointed at: http://www.heise.de/security/artikel/50051/0
> >
> >While the various 'get around zones' measures presented here are classic
> >goofs, the one that worries me is the need for the filesystem to
> >implement streams, and while MS can easily 'explain away' FAT use, I
> >think Samba falls into the same category.
> >
> >I understand we now support OS/2 extended attributes, but it looks like
> >full NT stream support might be something we need sooner rather than
> >later.  When I get some time I'll play about with my WinXP SP2 machine,
> >and see how this really works, but I figured it would be worth posting
> >the heads-up.
> >
> >Naturally, this opens up a whole can of worms, particularly as every
> >other application will also want to use them.  
> 
> Maybe (in SAMBA 5.0) we should also offer, due to increasing differences 
> between "file", "access rights" and similar notions in UNIX and Windows, 
> an option to serve fully-windows-compatible shares not from normal UNIX 
> directories, but from some kind of databases (binary blobs, maybe even DB4).
It is already possible with Samba 3 VFS layer though we lose some NTVFS
semantics at that layer. Samba4 already allows you to plug-in at NTVFS
layer directly.
-- 
/ Alexander Bokovoy
Samba Team                      http://www.samba.org/
ALT Linux Team                  http://www.altlinux.org/
Midgard Project Ry              http://www.midgard-project.org/


More information about the samba-technical mailing list