[PATCH] central range check for sids2xids
Andreas Schneider
asn at samba.org
Wed Aug 10 07:25:45 UTC 2016
On Tuesday, 9 August 2016 18:39:36 CEST Michael Adam wrote:
> Hi all,
>
> The attached patch introduces a central range check
> for the unix ids produced by the id mapping backends
> (sids2xids).
>
> I noticed that some backends (at least ad and hash),
> have no range check any more. This is dangerous
> because it can lead to ids leaking out of id-mapping
> that are from ranges that this backend is not
> responsible for the backward mapping xids2sids
> would then lead to a different sid than the one
> started with.
>
> Instead of adding this to all backends, here is
> a patch that adds the check to the central
> winbind code.
>
> Opinions?
I missed that mail yesterday. Normally a bug should be opened before we create
the master patch so the bug URL is already present. We need this backported!
Please open a bug for that. Thanks!
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list