Patch: Allow unprivileged processes to read registry

Andrew Bartlett abartlet at samba.org
Thu Apr 5 16:12:12 MDT 2012


On Thu, 2012-04-05 at 13:59 -0700, Jeremy Allison wrote:
> On Thu, Apr 05, 2012 at 06:58:27PM +0200, Stef Walter wrote:
> > The samba configuration is shared between daemons and clients. If
> > 'config backend = registry' is configured, then currently clients
> > running without root privileges (like smbclient) fail with:
> > 
> > Failed to initialize the registry: WERR_ACCESS_DENIED
> > 
> > The attached patch fixes this issue. The database is created with 0644
> > permissions. If write access to the database fails, then the database is
> > opened in read-only mode.
> > 
> > I've tested this with various commands and it seems to do the trick.
> > 
> > Does this look like a good approach? If so, I'll file a bug for the patch.
> 
> Hmmmm. My only fear is that there is security-sensitive data
> stored in the registry this would expose.

Also, does this open us up to a DoS if someone takes a lock out over the
registry?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
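
The locking question raised above can be checked on a scratch file. This C program is an added example, not part of the thread or of Samba's code. It assumes the database is protected by POSIX fcntl byte-range locks; the file name and function names are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Non-blocking whole-file fcntl lock (or unlock) on fd; 0 on success. */
static int try_lock(int fd, short type)
{
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0 };
    return fcntl(fd, F_SETLK, &fl);
}

/* fcntl locks are per process, so the writer runs in a child: 1 granted, 0 refused, -1 error. */
static int writer_can_lock(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = open(path, O_RDWR);
        if (fd < 0) _exit(2);
        if (try_lock(fd, F_WRLCK) == 0) _exit(0);
        _exit((errno == EAGAIN || errno == EACCES) ? 1 : 2);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}

/* 1 if a shared lock held via a read-only fd refuses the writer until released; 0 if not; -1 on error. */
int readonly_lock_blocks_writer(void)
{
    char path[] = "/tmp/reglock-XXXXXX";  /* constructed scratch file, not a Samba path */
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    close(tmp);
    int ro = open(path, O_RDONLY);        /* stands in for the unprivileged client */
    if (ro < 0) { unlink(path); return -1; }
    int held = try_lock(ro, F_RDLCK);     /* a shared lock only needs read access */
    int during = writer_can_lock(path);   /* writer tries while the reader holds the lock */
    try_lock(ro, F_UNLCK);
    int after = writer_can_lock(path);    /* writer tries again after release */
    close(ro); unlink(path);
    if (held != 0 || during < 0 || after < 0) return -1;
    return during == 0 && after == 1;
}

int main(void) { printf("read-only lock blocks writer: %d\n", readonly_lock_blocks_writer()); return 0; }
```

A writer that requests its lock with the blocking `F_SETLKW` call instead of `F_SETLK` would wait for as long as the read-only holder keeps its lock.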



