security of "%" placeholders when executing commands - Re:Can I log
winpopup messages ?
Andrew Bartlett
abartlet at pcug.org.au
Thu Jan 17 04:28:34 GMT 2002
Martyn Ranyard wrote:
>
> Not necessarily, for instance, you cannot have a username with a backquote,
> I am not one of the programmers who wrote samba, but if they have a
> "make-safe" procedure, I would imagine they run it on all macros.
>
> Could one of the samba team comment, and hopefully if it isn't then it
> could be a relatively small patch.
I'm always parinoid about the macros, and rightly so - we have been
bitten badly in the past. Now the various macros should have anything
not *compleatly* booring stripped out from them, but if you really care,
check the source yourself. (You will also notice that doing so isn't
trivial either...).
Always use the lastet Samba - as 2.2.1 and 2.2.0a both had fixes in this
area.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list