question about make_connection_snum function
Gerald (Jerry) Carter
jerry at samba.org
Fri Feb 23 18:00:36 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeremy,
> Yes I can see a reason it isn't correct. It's valid to add
> a security descriptor to the IPC$ share. Why exempt IPC$
> from security checks ?
True. But I think the check was probably there to prevent
a server from suffering from a sec_desc that got corrupted
and therefore locked everyone out. I agree with you that
this should be possible but I don't think I would be
comfortable unless I did more testing to know what impact
that could have.
I'm not particulary opposed to the idea (of setting an ACL
on IPC$) but I'm not convinced it would entirely work like
we think it should without more testing.
Make sense?
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF3yvEIR7qMdg1EfYRAuyOAKCT70g8Lce8LJJx9I13eUAV9HJo5ACeNZij
nJEyFwLejGlzjbdLZp/ZLZI=
=tJUd
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list