[Samba] prexec change between 3.0.24 to 3.0.25

mitrohin a.s. swp at swp.pp.ru
Fri May 18 06:38:39 GMT 2007 

On Thu, May 17, 2007 at 10:44:43AM -0700, Jeremy Allison wrote:
> On Thu, May 17, 2007 at 12:27:45PM -0500, Schaefer Jr, Thomas R. wrote:
> > Hello,
> > 
> > I've been testing out 3.0.25 before putting it into production and came
> > across an issue.
> > 
> > As a simple example..
> > 
> > in a share definition
> > 
> > root preexec = echo "hey there, hi there, hello" > /tmp/hiya.txt
> > 
> > works fine under 3.0.24
> > 
> > not so under 3.0.25, /tmp/hiya.txt isn't created.
> > 
> > Cranking up the debugging and using some other similiar tests it seems
> > to me that Samba is in fact issuing the command but anything with a
> > redirect (> or >>) samba now seems to be passed as an argument to the
> > command now instead of directly to the shell.  In other words I think
> > Samba is issuing 
> > 
> > echo "hey there, hi there, hello" \> \/tmp\/hiya.txt
> > 
> > My real world problem comes from simply trying to redirect a grep to
> > /dev/null
> > 
> > Something like this
> > 
> >         root preexec =  /usr/bin/grep share_name
> > /loginbats/%U/login.bat > /dev/null
> >         root preexec close = yes
> > 
> > I can work around it apparently by just leaving off the > /dev/null, I
> > guess Samba likely sends any output from a preexec to /dev/null anyway.
> > 
> > So anyhow, is this new Samba 3.0.25 preexec behavior expected behavior?
> > I couldn't find mention of it in the WHATSNEW.txt
> 
> Yes it is I'm afraid. We now sanitize completely any
> shell meta-characters to avoid any security issues 
> with user generated input being passed to a shell.
> 
> I was a little worried this might break some existing
> setups but this is the first report I've had, and believe
> me security problems are worse than breaking setups :-).
> 

hmm... now i must rewrite this example?
        root preexec = ( /bin/mkdir -m 0700 '/home/.shares/profiles/%U' && \
                /usr/sbin/chown '%U:%G' '/home/.shares/profiles/%U' ) || {\
                /usr/bin/find '/home/.shares/profiles/%U/Main menu' \
                        -type f -name desktop.ini -delete; \
                /usr/bin/find '/home/.shares/profiles/%U/Recent' \
                        -type f -name '*.lnk' -delete; \
                /bin/rm -rvf '/home/.shares/profiles/%U/Application Data' \
                        '/home/.shares/profiles/%U/My Documents'; \
                }
please, make example with shell exploit what impossibility to rewrite safely 
on shell self.

/swp

More information about the samba mailing list