question about make_connection_snum function

simo idra at
Fri Feb 23 18:13:05 GMT 2007

On Fri, 2007-02-23 at 12:00 -0600, Gerald (Jerry) Carter wrote:
> Jeremy,
> > Yes I can see a reason it isn't correct. It's valid to add
> > a security descriptor to the IPC$ share. Why exempt IPC$
> > from security checks ?
> True.  But I think the check was probably there to prevent
> a server from suffering from a sec_desc that got corrupted
> and therefore locked everyone out.  I agree with you that
> this should be possible but I don't think I would be
> comfortable unless I did more testing to know what impact
> that could have.
> I'm not particularly opposed to the idea (of setting an ACL
> on IPC$) but I'm not convinced it would entirely work like
> we think it should without more testing.
> Make sense?


Actually, we had a report of a user (I think a month ago or so) who had
corrupted (or was playing with) IPC$ ACLs, and made his system unusable.
The solution was to delete the shares TDB, so that the ACL was removed and
the standard access control reset.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at