dealing with usernames containing whitespace

[SATOH Fumiyasu]

At Wed, 31 Jan 2007 08:36:06 -0600,
Gerald (Jerry) Carter wrote:
> > I think the best solution to fix this this problem is
> > "set environment variables (e.g. $SAMBA_XXXX?) to pass
> > values before shell executing". Of course a command,
> > executed from smbd via /bin/sh, must take care that
> > environment variables can contain special characters. 
> 
> I don't see how the environment variables alleviate
> the problem.  But perhaps I'm missing something.  Also this

At least, the smbd can escape from the "unexpected things
can be occured by the shell and variable substitutions
on shell command-line" problem.

Regardless of whether a command is invoked from the smbd
or others, commands must check if all input data
(command-line args, environment vars, stdin and so on)
coming from an untrusted system is valid or not, and
must use input data safely.

For example, if you want to create a user's directory
on the fly via smbd (i.e. same as Bug#2345,
https://bugzilla.samba.org/show_bug.cgi?id=2345),
create the following shell script (e.g. named "mkuserdir"):

----------------------------------------
#!/bin/bash

# Filter "/" attack
user="${SAMBA_USER##*/*}"
group="${SAMBA_GROUP##*/*}"

# Target dir
dir="/share/$user"

[ -z "$user" ] && exit 1
[ -z "$group" ] && exit 1
[ -d "$dir" ] && exit 0

# Use "--" to indicate the end of the command-line option explicitly
mkdir -p -- "$dir" || exit 1
chown -h -- "$user:$group" "$dir" || exit 1

exit 0
----------------------------------------

and set the following parameter:

  root preexec = /path/to/mkuserdir
  root preexec close = yes

to your smb.conf.

> would be an extremely incompatible change if all parameters
> were passed via the environment stack rather than as command
> line args.

For the backward compatibility, we should remain the
variable substitution codes.

-- 
-- Name: SATOH Fumiyasu / fumiyas @ osstech.co.jp
-- Business Home: http://www.OSSTech.co.jp
-- Personal Home: http://www.SFO.jp/blog/