svn commit: samba r16123 - in branches/SAMBA_4_0/source/torture/rpc: .

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat Jun 10 09:59:07 GMT 2006


On Fri, Jun 09, 2006 at 09:13:29AM -0700, Andrew Bartlett wrote:
> > Samba3 in the buildfarm will happily create (faked(!!))
> > users anonymously. Disable that test for now.
> 
> On the build farm, all connections come in as == sec_initial_uid, also
> the owner of smbpasswd because the whole thing runs as non-root.  

Sure, but relying on being root works but might be called
a design flaw. Proper security descriptors on the SAM and
all checks in all operations should be much better. We have
a couple of different ways in Samba3 (uid==0, check for
initial_uid, user being local admin etc) to check if a
privileged operation is allowed. This needs consolidation.
And when we are there, even in the build farm it should be
possible to reject create_user with a more fine-grained
test.

Volker
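
An added illustration of the consolidation suggested in the message above (not part of the original mail and not Samba code): one descriptor-based check replaces the uid test, so anonymous user creation is rejected even when every connection runs under the same non-root uid. All struct, function and constant names are hypothetical and the sample tokens are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical names throughout; this is not Samba source. */
#define RIGHT_CREATE_USER 0x10u       /* access bit guarding user creation */
#define SID_ANONYMOUS "S-1-5-7"       /* well-known Anonymous Logon SID */
#define SID_ADMINS    "S-1-5-32-544"  /* well-known BUILTIN Administrators SID */

struct token   { uid_t unix_uid; const char *sids[4]; size_t nsids; };
struct ace     { const char *sid; uint32_t allow; };
struct secdesc { const struct ace *aces; size_t naces; };

/* Ad hoc check of the kind the mail lists: trusts the process uid. */
static bool legacy_may_create_user(const struct token *t, uid_t initial_uid)
{
    return t->unix_uid == 0 || t->unix_uid == initial_uid;
}

/* Consolidated check: every privileged operation asks whether the caller's
 * SIDs are granted all wanted bits by the object's descriptor. Default deny. */
static bool access_check(const struct secdesc *sd, const struct token *t, uint32_t wanted)
{
    uint32_t granted = 0;
    for (size_t i = 0; i < sd->naces; i++)
        for (size_t j = 0; j < t->nsids; j++)
            if (strcmp(sd->aces[i].sid, t->sids[j]) == 0)
                granted |= sd->aces[i].allow;
    return wanted != 0 && (granted & wanted) == wanted;
}

/* Constructed descriptor: only administrators may create users in the SAM. */
static const struct ace sam_aces[] = { { SID_ADMINS, RIGHT_CREATE_USER } };
static const struct secdesc sam_sd = { sam_aces, 1 };

/* Constructed non-root test run: both callers share unix uid 1000. */
static const struct token anon  = { 1000, { SID_ANONYMOUS }, 1 };
static const struct token admin = { 1000, { "S-1-5-21-1-2-3-500", SID_ADMINS }, 2 };

int main(void)
{
    printf("uid check, anonymous:  %d\n", legacy_may_create_user(&anon, 1000));
    printf("descriptor, anonymous: %d\n", access_check(&sam_sd, &anon, RIGHT_CREATE_USER));
    printf("descriptor, admin:     %d\n", access_check(&sam_sd, &admin, RIGHT_CREATE_USER));
    return 0;
}
```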