[PATCH] Hardening for the homes directory
Ralph Böhme
slow at samba.org
Mon Dec 3 11:28:34 UTC 2018
On Mon, Dec 03, 2018 at 12:21:39PM +0100, Andreas Schneider wrote:
>On Monday, 3 December 2018 11:54:26 CET Ralph Böhme wrote:
>> Hi Andreas,
>>
>> lgtm besides one nitpick (see below):
>>
>> On Mon, Dec 03, 2018 at 11:41:35AM +0100, Andreas Schneider via samba-
>technical wrote:
>> >From 82dd883797fc4fef68bbc6af7f1b9ee10bea2d44 Mon Sep 17 00:00:00 2001
>> >From: Andreas Schneider <asn at samba.org>
>> >Date: Thu, 22 Nov 2018 18:23:24 +0100
>> >Subject: [PATCH 3/4] s3:smbd: Make sure we do not export "/" (root) as home
>> >
>> > dir
>> >
>> > ...
>> >
>> >diff --git a/source3/smbd/password.c b/source3/smbd/password.c
>> >index f472bda2c70..8e2eb1312c5 100644
>> >--- a/source3/smbd/password.c
>> >+++ b/source3/smbd/password.c
>> >@@ -122,13 +122,21 @@ int register_homes_share(const char *username)
>> >
>> > pwd = Get_Pwnam_alloc(talloc_tos(), username);
>> >
>> >- if ((pwd == NULL) || (pwd->pw_dir[0] == '\0')) {
>> >+ if ((pwd == NULL) ||
>> >+ (pwd->pw_dir[0] == '\0')) {
>>
>> is there a logical change I fail to spot on a miserable Monday morning? :)
>>
>> If you want the line wrap for readability please also wrap the closing brace
>> as mentioned in README.Coding:
>>
>> if ((pwd == NULL) ||
>> (pwd->pw_dir[0] == '\0'))
>> {
>
>
>Sorry, that is just a left over I forgot to undo. Updated patchset attached.
ah, ok. :)
Looks like 4/4 is missing?
Also:
>- if ((pwd == NULL) || (pwd->pw_dir[0] == '\0')) {
>+ if ((pwd == NULL) ||
>+ (pwd->pw_dir[0] == '\0') ||
>+ strequal(pwd->pw_dir, "/")) {
This should be:
>- if ((pwd == NULL) || (pwd->pw_dir[0] == '\0')) {
>+ if ((pwd == NULL) ||
>+ (pwd->pw_dir[0] == '\0') ||
>+ strequal(pwd->pw_dir, "/"))
>+ {
I just discovered that we have this in README.Coding which is nice because it
matches my favored style. :)
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
More information about the samba-technical
mailing list