[RFC] Discontinuing SWAT
dhananjaysathe at gmail.com
Fri Apr 26 09:38:23 MDT 2013
As for some suggestions, parsing smb.conf makes little sense; the rpc python
bindings are there, a load of stuff has been exposed in samba-gtk and
SWAT2 (perhaps build on this and have a common sort of api going for
managing tasks; gtk3 and *your web framework here* could use this common
base (easier to debug and maintain)) and it could be good to go. The
bindings should be the key focus; there are about a *handful* of
additions/bugs that could be fixed and you would have most of the basic
functionality (I would estimate 50-60% of use cases) required by the
average user exposed.
Final Yr Undergraduate , BITS Pilani, Goa.
Research Assistant , RoboEarth Project
Institute for Dynamic Systems and Control,
ETH Zürich, Switzerland.
dhananjaysathe at gmail.com | f2009260 at goa.bits-pilani.ac.in |
dsathe at ethz.ch| +41 76-710-2202
On Fri, Apr 26, 2013 at 5:27 PM, Michael Adam <obnox at samba.org> wrote:
> On 2013-04-26 at 16:38 +1000, Andrew Bartlett wrote:
> > On Fri, 2013-04-26 at 08:04 +0200, Jelmer Vernooij wrote:
> > > On Thu, Apr 25, 2013 at 11:48:51PM +0200, Kai Blin wrote:
> > > > I think it's time to put SWAT out of its misery. In the past few
> > > > the only commits ever touching it were either API housekeeping or
> > > > remote root exploit security issues.
> > > >
> > > > The last time we had to do the latter, I accidentally broke password
> > > > changes for users, and neither me nor any of the people reviewing the
> > > > changes noticed. I take that as a sign that nobody is really
> > > > in maintaining SWAT, and I think it is becoming a larger liability
> > > > time. Considering how large of an attack surface a web app is
> > > > we should not have one of them in our core release.
> > > >
> > > > > There might be the need for a web-based samba configuration tool, but I
> > > > > don't think SWAT is fulfilling that need well enough.
> > > +1
> > >
> > > > Despite the concern that's been expressed about the status of SWAT a couple of
> > > > times over the last couple of years, nothing has really happened. It's
> > > better to remove it than to let it simmer in its current unusable
> > >
> > > > If we want to have a web interface, then I suspect it would be easier to build
> > > > something new from the grounds up than to update the current SWAT
> > Exactly. I did the same as Kai, and wanted to be all consultative about
> > this, but thinking over this again, we need to just notify: There is no
> > > active maintainer of the SWAT code, and regular security issues as
> > folks put the blowtorch of modern web security to 15 or more year old
> > web code. Therefore, we have no option but to drop it.
> I am strongly in favour of dropping SWAT.
> I don't need to add any arguments. :-)
> Cheers - Michael