doing a test build of samba

Michael Tokarev mjt at tls.msk.ru
Mon Apr 4 21:58:49 UTC 2022


05.04.2022 00:51, Andrew Bartlett wrote:

>> build enables -D WITH_NTVFS_FILESERVER=1.
>> This one, in turn does this:
> 
> This MUST NOT be enabled in production, as Samba upstream provides no
> security support for this code, which remains because it is hard work
> to remove due to the support it provides to some of our tests.

How about just removing $libdir/samba/service/smb.so for production
package?

It is not enabled by default in "server services" anyway, so in order
to trigger any issues in that code (security or not), one have to enable
it in the config first (server services = +smb).

But it is still not a big deal to just remove it on install, is it?

I especially looked at what's being enabled. I found this very module,
plus a few unrelated goodies.

> If you want to do a selftest build, do a selftest build but don't put
> it into the production binaries.

What else, besides smb.so, is wrong?

> If Debian can't handle that, talk to Debian :-)

Debian can, but why?

Thanks,

/mjt



More information about the samba-technical mailing list