security of "%" placeholders when executing commands - Re: Can I log winpopup messages ?

Martyn Ranyard ranyardm at lineone.net
Wed Jan 16 07:56:17 GMT 2002


Not necessarily. For instance, you cannot have a username with a backquote.
I am not one of the programmers who wrote Samba, but if they have a
"make-safe" procedure, I would imagine they run it on all macros.

Could one of the Samba team comment? Hopefully, if it isn't, it
could be a relatively small patch.

M

At 04:15 PM 1/16/02 +0100, you wrote:
>All,
>
> > This might give you a hand. This is what I use. It sends the output to
> > virtual console 8. You can modify how you want it
> >
> > message command = echo At '%T' user '%U' from '%f' sent a message to
> > '%t' > /dev/tty8 ; cat %s > /dev/tty8 ; rm %s ; echo > /dev/tty8
>
>That doesn't look very safe.. Can't %T, %U etc. contain a single
>quote that would escape from the quoting? And couldn't %s contain
>backticks or ampersands that would allow any message sender to
>execute commands on your samba machine?
>
>I noticed smbrun() loses privileges, closes fd's etc., so that's
>pretty good, but on some machines you don't want users to be able
>to execute code as even unprivileged nobodies..
>
>         =Ben
>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

==============
Martyn Ranyard
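The escape Ben describes, and the "make-safe" step Martyn asks about, as an added example that is not part of the thread and not Samba's code. Samba's real macro expansion is in its C source; this Python re-implements the substitution of `%T`, `%U`, `%f` and `%t` into a message command so the difference between plain textual substitution and quoting each expanded value (here with `shlex.quote`) can be observed offline. The macro values, the timestamp and the host names are constructed; the crafted `%U` closes the single quote in the template and appends a second command.

```python
"""smb.conf-style '%' macro expansion: naive substitution vs. quoting.

Added example, not Samba's code. The user name, host names and timestamp
below are constructed; Samba's own expansion lives in its C source.
"""
import re
import shlex
import subprocess

# Constructed macro values. %U is the session user name; the crafted one
# terminates the template's single-quoted string and appends a command.
SAMPLE_MACROS = {
    "T": "2002/01/16 16:15:00",
    "U": "alice'; echo INJECTED; echo '",
    "f": "client.example.test",
    "t": "server.example.test",
}

# Template in the style of the message command quoted in the thread, with
# the file handling (cat %s ; rm %s) left out so the example runs anywhere.
TEMPLATE = "echo At '%T' user '%U' from '%f' sent a message to '%t'"

# Same template with no quotes in the config: the expander supplies them.
TEMPLATE_UNQUOTED = "echo At %T user %U from %f sent a message to %t"

MACRO_RE = re.compile(r"%([A-Za-z])")


def expand_naive(template, macros):
    """Purely textual substitution; the behaviour Ben is worried about."""
    return MACRO_RE.sub(lambda m: macros.get(m.group(1), m.group(0)), template)


def expand_quoted(template, macros):
    """Substitute each macro as exactly one shell word (shlex.quote).

    The template must not pre-quote the macros: quote once, here, so that
    the value can never end a quoted string the config started.
    """
    return MACRO_RE.sub(
        lambda m: shlex.quote(macros.get(m.group(1), m.group(0))), template
    )


def expand_argv(template, macros):
    """Stronger form: split the template into words first, substitute inside
    each word, and hand the list to exec without a shell, so no metacharacter
    in a macro value is ever interpreted."""
    return [expand_naive(word, macros) for word in shlex.split(template)]


def run_sh(command):
    """Run a command string through sh -c, as a message command would be."""
    proc = subprocess.run(["sh", "-c", command], capture_output=True,
                          text=True, check=False)
    return proc.stdout


def run_argv(argv):
    """Run an argument vector directly, with no shell in between."""
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.stdout


def demo():
    """Return (naive, quoted, argv) stdout for the three strategies."""
    naive = run_sh(expand_naive(TEMPLATE, SAMPLE_MACROS))
    quoted = run_sh(expand_quoted(TEMPLATE_UNQUOTED, SAMPLE_MACROS))
    argv = run_argv(expand_argv(TEMPLATE_UNQUOTED, SAMPLE_MACROS))
    return naive, quoted, argv


if __name__ == "__main__":
    for label, out in zip(("naive", "quoted", "argv"), demo()):
        print(f"--- {label} ---")
        print(out, end="")
```

With the naive expansion the crafted user name turns the one `echo` into three commands and `INJECTED` appears on a line of its own; with per-macro quoting, or with no shell at all, the whole user name is printed literally as part of a single line. The quoting has to happen once, in the expander, and the config template should then carry no quotes of its own, otherwise the config's quote and the expander's quote nest.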
