svn commit: samba r6008 - in trunk/source/rpc_server: .
Simo Sorce
idra at samba.org
Wed Mar 23 22:02:19 GMT 2005
On Wed, 2005-03-23 at 21:45 +0000, jra at samba.org wrote:
> Author: jra
> Date: 2005-03-23 21:45:46 +0000 (Wed, 23 Mar 2005)
> New Revision: 6008
>
> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6008
>
> Log:
> Add privilege check for SE_DISK_OP (is this the right privilege?)
No, I don't think this is the right privilege, and honestly I do not
think we really need a privilege here yet.
The message sent with message_send_pid will be rejected if you are not
root so there is no harm with this function afaik.
Can we revert this change? I will add a proper privilege wrapper
function when we want to extend it to let users other than root use
the function.
> before allowing users to shut down any sessions.
> Simo - please check security before allowing state changes. Please
> review this change.
Done already. If you test with a regular user, you will see that
message_send_pid will fail and you get back WERR_ACCESS_DENIED.
Tested trying to kill other sessions when connected as a normal user
through server manager.
Simo.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it