[Samba] undefined reference to `swrap_close'

Andrew Bartlett abartlet at samba.org
Tue Jan 31 20:34:51 GMT 2006

On Tue, 2006-01-31 at 09:32 -0600, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> imacat wrote:
> >> No, I think we need to avoid smbmnt getting these defines.  
> >> This is a setuid app, and I'm worried by how socket wrapper
> >> (and the environment variable based changes in behaviour)
> >> would interact, in a security sense.
> > 
> >     Oh.  Thank you for reminding me this.  This is *really* 
> > a serious security issue.  I've recompiled all my samba
> > without socket_wrapper.  Thanks again for pointing out this.
> No its not a security issue.  The socket wrapper stuff is for
> development testing only.  There is no production value in it.

I think the correct phrasing is that imacat's proposed fix would create
a serious security issue on machines compiled with the socket wrapper
code, and mistakenly deployed in production.  That is why I said it was
an incorrect fix.  

The correct fix (for the build issue) is not to have smbmnt built with
those defines in place, so we link correctly.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060201/70271f2d/attachment.bin

More information about the samba mailing list