[Samba] PROPOSAL: Remove SWAT in Samba 4.1

Raymond Lillard rlillard at sonic.net
Sun Feb 17 20:26:44 MST 2013


I'm just a data point of one.  My Samba history
is as a user since before 2.0.

Shortly into the 2.0.x series I was asked by
locals (a point and click lot) to setup Swat so
they could manage Samba.  I did so and they
still f'ed the configuration.

That was and remains my only experience with Swat.

I won't miss it.




On 02/17/2013 04:02 PM, Andrew Bartlett wrote:
> As most of you would have noticed, we have now had 3 CVE-nominated
> security issues for SWAT in the past couple of years.
>
> At the same time, while I know many of our users use SWAT, we just don't
> have anybody to maintain it inside the Samba Team.  Kai has made a
> valiant effort to at least apply the XSS and CSRF guidelines when folks
> make security reports, but by his own admission he isn't a web developer
> - none of us are!
>
> There are many other parts of Samba that have not been substantially
> maintained in years, but few have the level of security exposure that
> SWAT does (most are bits of library and utility code that we apply
> elsewhere, but which just quietly does it's own job).
>
> The issue isn't that we can't write secure code, but that writing secure
> Web code where we can't trust the authenticated actions of our user's
> browser is a very different modal to writing secure system code.
> Frankly it just isn't our area.
>
> Therefore, it was suggested on a private list that we just drop SWAT.  I
> want to start a public discussion on that point, prompted by
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us
> why we didn't apply the specific CSRF hardening we applied in 4.0.2 to
> SWAT in the first place.
>
> Thanks,
>
> Andrew Bartlett
>



More information about the samba-technical mailing list