SYSTEM vs RELAX in lsa

tridge at samba.org
Wed Nov 24 15:48:08 MST 2010


Hi Matthias,

Can you explain 1352a9406f3e3067a8e751ac157eab67796bc0c6 a bit more?

 > commit 1352a9406f3e3067a8e751ac157eab67796bc0c6
 > Author: Matthias Dieter Wallnöfer <mdw at samba.org>
 > Date:   Tue Nov 23 15:15:09 2010 +0100
 > 
 >     s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control is specified
 >     
 >     This fits better than the RELAX one.

It looks to me like you've introduced a security hole. As far as I can
tell, this means all LSA CreateTrustedDomain() calls now happen as
SYSTEM, which would bypass all ACL checking.

Also, why change from RELAX to SYSTEM at all? We should only ever do
something as SYSTEM if we really need ACL bypass, and only when we
have already done careful access checking in the call to ensure the
user is allowed to perform this operation.

Cheers, Tridge


More information about the samba-technical mailing list