Magic script problem

Joerg Lenneis lenneis at wu-wien.ac.at
Thu Oct 30 21:50:57 GMT 1997 

Geza Makay <makayg at math.u-szeged.hu> writes:

> Hello everyone,
> 
> First I would like to thank Andrew, Luke and others working on Samba for
> this great product! We use it on our server for more that 2 years now with
> no problem.
> One little bug I found, but it is not very important, since there is a
> workaround. If you specify a magic script on one of the shares (it is in
> our homes section now), then the magic script does not seem to run, if you
> create (copy) it in the root directory of that share, but it works just
> fine if you put it into any of the subdirectories of that share. We depend
> on magic scripts, because our librarian does not know Unix, but still needs
> to update sometimes the library databases on our WWW server, and I do not
> want to give her explicit file access to that directory (i.e. a share,
> where she could write). So I created a small script that does all the works
> for her on the Unix machine, and it is run using the magic script. All this
> I experienced with Samba 1.9.17p2.


[ ... ]


The reason for this behaviour can be found in the function check_magic
in server.c which is responsible for finding out if a filename is the
name of a magic script and if yes to execute the script. The filename
of the script is cleaned from any leading slashes and dots as a
name relative to the shared directory. If it matches the magic script
parameter it is executed using "/bin/sh" with the current directory
set to the share's root. If you do not have "." in your path, it
cannot be found, but a file in a subdirectory, like "subdir/magic",
can be. 

I sent a patch correcting this (it simply prepends "./" to the magic
script file before execution) to samba-bugs, but unfortunately that
coincided with the emergence of the password buffer overrun bug which
was of course much more urgent. The fix for it also interfered with my
patch (there was a strcpy at work there, Andrew replaced each strcpy
with another function which checks for overruns), so I guess it got
lost in the noise.



-- 

Joerg Lenneis

email: lenneis at wu-wien.ac.at

More information about the samba mailing list