[Samba] Shell script execution?

Joel Hammer Joel at HammersHome.com
Sat Apr 19 12:06:42 GMT 2003


Well, I was thinking more about small private networks. I am an amateur.

But, educate me please.

The flag file ownership will change when the user transfers the flag file
to the subdirectory, I believe. If the daemon checked the ownership of
these flag files before they were acted upon, then only certain users
would be able to run programs indicated by the flag files.  If the daemon
were only allowed to run a small number of programs, then a malicious
user couldn't get the server to run just any program he wanted.

Wouldn't that be as secure as anything else that runs on a server?

  Joel

On Sat, Apr 19, 2003 at 06:36:37PM +0800, Coreix Systems - Unix - Linux Development & Internetworking Engineers wrote:
> Firstly i would have to ask Why..?
> 
> What command(s) are you going to exec... Who/How will you see it's output and or
> parse values to it's input..
> 
> Secondly, your going to make yourself a large 'Internal Security' issue...
> 
> I have attached a old app, i wrote ages ago, that will allow you to run
> command's from a web based form,
> it's pretty simple really, i couldn't find the 'release' copy so you'll have to
> tweak this and change the values to suite your server, But this can be very
> handy, and secure if you simply place a 'htaccess' rule
> on the dir you place it into in your CGI-BIN on the web server of your
> machine....
> 
> Joel, Sorry... But you suggestion, Whilst creative... Would be a security risk
> in many more ways than one...
> 	No offence intended, But as a professional programmer, i can think of many
> simple ways it
> 	could be exploited
> 	and dependant on it's primary privileges, do just about anything.... On the
> server....
> 
> 
> Regards,
> 
> Craig R. Marshall
> B.E (Hons), M.Eng.Sc., CCNA
> Senior Software, IP Telecommunications
> & Terrestrial Systems Engineer.
> Coreix Systems Australia
> mailto:craigrm at coreixsystems.com.au
> http://www.coreixsystems.com
> 
> {-----Original Message-----
> {From: samba-bounces+lists=coreixsystems.com.au at lists.samba.org
> {[mailto:samba-bounces+lists=coreixsystems.com.au at lists.samba.org]On
> {Behalf Of Joel Hammer
> {Sent: Saturday, 19 April 2003 9:24 AM
> {To: Kai Peters; samba at lists.samba.org
> {Subject: Re: [Samba] Shell script execution?
> {
> {
> {Another way would be to have a share which has a subdirectory. Put
> {in the parent directory a flag file or files (program1, program2,
> {etc). Have a daemon running on the samba server (a bash script would
> {do) watching the subdirectory. Then, to run a program, move the program
> {flag file from the parent directory to the subdirectory. The daemon sees it,
> {reads the program name, runs the program and moves the program flag file
> {back to the parent directory.
> {
> {Joel
> {
> {On Fri, Apr 18, 2003 at 12:22:49PM -0700, Kai Peters wrote:
> {> Hi ~
> {>
> {> is there a way to execute a shell script on the samba server from a
> {windows client via Samba?
> {>
> {--
> {To unsubscribe from this list go to the following URL and read the
> {instructions:  http://lists.samba.org/mailman/listinfo/samba
> {
> {

> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list