[Samba] prexec change between 3.0.24 to 3.0.25
mitrohin a.s.
swp at swp.pp.ru
Fri May 18 06:38:39 GMT 2007
On Thu, May 17, 2007 at 10:44:43AM -0700, Jeremy Allison wrote:
> On Thu, May 17, 2007 at 12:27:45PM -0500, Schaefer Jr, Thomas R. wrote:
> > Hello,
> >
> > I've been testing out 3.0.25 before putting it into production and came
> > across an issue.
> >
> > As a simple example..
> >
> > in a share definition
> >
> > root preexec = echo "hey there, hi there, hello" > /tmp/hiya.txt
> >
> > works fine under 3.0.24
> >
> > not so under 3.0.25, /tmp/hiya.txt isn't created.
> >
> > Cranking up the debugging and using some other similiar tests it seems
> > to me that Samba is in fact issuing the command but anything with a
> > redirect (> or >>) samba now seems to be passed as an argument to the
> > command now instead of directly to the shell. In other words I think
> > Samba is issuing
> >
> > echo "hey there, hi there, hello" \> \/tmp\/hiya.txt
> >
> > My real world problem comes from simply trying to redirect a grep to
> > /dev/null
> >
> > Something like this
> >
> > root preexec = /usr/bin/grep share_name
> > /loginbats/%U/login.bat > /dev/null
> > root preexec close = yes
> >
> > I can work around it apparently by just leaving off the > /dev/null, I
> > guess Samba likely sends any output from a preexec to /dev/null anyway.
> >
> > So anyhow, is this new Samba 3.0.25 preexec behavior expected behavior?
> > I couldn't find mention of it in the WHATSNEW.txt
>
> Yes it is I'm afraid. We now sanitize completely any
> shell meta-characters to avoid any security issues
> with user generated input being passed to a shell.
>
> I was a little worried this might break some existing
> setups but this is the first report I've had, and believe
> me security problems are worse than breaking setups :-).
>
hmm... now i must rewrite this example?
root preexec = ( /bin/mkdir -m 0700 '/home/.shares/profiles/%U' && \
/usr/sbin/chown '%U:%G' '/home/.shares/profiles/%U' ) || {\
/usr/bin/find '/home/.shares/profiles/%U/Main menu' \
-type f -name desktop.ini -delete; \
/usr/bin/find '/home/.shares/profiles/%U/Recent' \
-type f -name '*.lnk' -delete; \
/bin/rm -rvf '/home/.shares/profiles/%U/Application Data' \
'/home/.shares/profiles/%U/My Documents'; \
}
please, make example with shell exploit what impossibility to rewrite safely
on shell self.
/swp
More information about the samba
mailing list