svn commit: samba r6008 - in trunk/source/rpc_server: .

Simo Sorce idra at samba.org
Wed Mar 23 22:02:19 GMT 2005


On Wed, 2005-03-23 at 21:45 +0000, jra at samba.org wrote:
> Author: jra
> Date: 2005-03-23 21:45:46 +0000 (Wed, 23 Mar 2005)
> New Revision: 6008
> 
> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6008
> 
> Log:
> Add privilege check for SE_DISK_OP (is this the right privilege?)

No, I don't think this is the right privilege, and honestly I do not
think we really need a privilege here yet.

The message sent with message_send_pid will be rejected if you are not
root so there is no harm with this function afaik.

Can we revert this change? I will add a proper privilege wrapper
function when we want to extend it to let users other than root use
the function.

> before allowing users to shut down any sessions.
> Simo - please check security before allowing state changes. Please
> review this change.

Done yet. If you test with a regular user, you will see that
message_send_pid will fail and you get back WERR_ACCESS_DENIED.

Tested trying to kill other sessions when connected as a normal user
through server manager.

Simo.

-- 
Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it
