svn commit: samba r23047 - in branches/SAMBA_4_0/source/scripting/ejs: .

tridge at tridge at
Tue May 22 06:32:30 GMT 2007


 > Well, yes, you're right. I messed the order :) But it should be ok,
 > to reverse the order of inclusion - defined paths first, local dir
 > second. This would allow not to substitue commonly used include files
 > and still be able to include something local.

no, it's not OK. It's _never_ ok.

Imagine that Samba is installed in /net/some_nfs/drive/samba and nfs
is down. What happens then? smbstatus then goes to '.' and the
security hole is back.

Please just revert the patch. There is no way we should ever be
looking in '.' for scripts or libraries of any kind.

Cheers, Tridge

More information about the samba-technical mailing list