security of "%" placeholders when executing commands - Re: Can I log winpopup messages ?
Ben Gras
ben at scum.org
Wed Jan 16 07:20:11 GMT 2002
All,
> This might give you a hand. This is what I use. It sends the output to
> virtual console 8. You can modify how you want it
>
> message command = echo At '%T' user '%U' from '%f' sent a message to
> '%t' > /dev/tty8 ; cat %s > /dev/tty8 ; rm %s ; echo > /dev/tty8
That doesn't look very safe. Can't %T, %U etc. contain a single
quote that would escape from the quoting? And couldn't %s contain
backticks or ampersands that would allow any message sender to
execute commands on your samba machine?
I noticed smbrun() loses privileges, closes fd's etc., so that's
pretty good, but on some machines you don't want users to be able
to execute code as even unprivileged nobodies.
=Ben
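As an added illustration of the quoting concern raised above (not code from the thread or from Samba), the snippet below models the `message command` expansion two ways: verbatim `%X` substitution, which is assumed here to mirror what smbd does before the line reaches `/bin/sh -c`, and substitution through `shlex.quote()`, which is the discipline a wrapper would need so that each value reaches the shell as a single word. The user and file names are constructed sample values; the apostrophe in the user name is enough to unbalance the template's own quotes.

```python
"""Model of Samba-style '%U'/'%T' substitution into a shell command line.
Added example: the templates and sample values are constructed here."""
import re
import shlex

# Constructed sample values, in the role of what smbd would substitute.
SAMPLE_VALUES = {
    "T": "2002/01/16 07:20:11",
    "U": "o'brien",           # a legitimate user name with an apostrophe
    "f": "WORKSTATION1",
    "t": "SERVER",
    "s": "/tmp/msg.1234",
}

def expand_naive(template, values):
    """Substitute %X verbatim. Any quote characters inside a value become
    part of the shell syntax of the resulting line."""
    return re.sub(r"%([A-Za-z])", lambda m: values[m.group(1)], template)

def expand_quoted(template, values):
    """Substitute each value wrapped by shlex.quote(), so the shell sees it
    as exactly one word whatever it contains. The template must then use
    bare %X placeholders with no quotes of its own around them."""
    return re.sub(r"%([A-Za-z])",
                  lambda m: shlex.quote(values[m.group(1)]), template)

def shell_words(command):
    """Words /bin/sh would see, or None if the line is malformed
    (shlex.split raises ValueError on an unbalanced quote)."""
    try:
        return shlex.split(command)
    except ValueError:
        return None

# The thread's template, with its own single quotes around the placeholders.
QUOTED_TEMPLATE = "echo At '%T' user '%U' from '%f' sent a message to '%t'"
# The same command with bare placeholders, for use with expand_quoted().
BARE_TEMPLATE = "echo At %T user %U from %f sent a message to %t"

def user_word_survives(expander, template, values):
    """True if the user name reaches the shell as one intact word."""
    words = shell_words(expander(template, values))
    return words is not None and values["U"] in words
```

Running `user_word_survives` with `expand_naive` on the thread's template yields False (the apostrophe leaves an unclosed quote), while `expand_quoted` on the bare template yields True.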