[Samba] root preexec problem
Ryan Novosielski
novosirj at umdnj.edu
Fri Feb 29 15:43:39 GMT 2008
Jeremy Allison wrote:
> On Mon, Feb 11, 2008 at 11:04:25AM -0800, Robert wrote:
>
>> Is this perhaps related to the following bug:
>>
>> https://bugzilla.samba.org/show_bug.cgi?id=4812
>
> Yes, this is certainly it. We're not going to
> fix this though - the security change was painful enough
> that I don't feel safe in allowing arbitrary characters
> in smb.conf scripts - remember the % substitution can
> allow client input here. The best solution is to rewrite
> preexecs to use a single script.
I'm not sure if I got nailed by this one, but I'm doing this:
root preexec=/bin/sh -c 'echo C:
\%u,\%m,%I::`/etc/opt/samba/scripts/getdate`' >> /var/opt/samba/accounting
root postexec=/bin/sh -c 'echo X:
\%u,\%m,\%I::`/etc/opt/samba/scripts/getdate`' >> /var/opt/samba/accounting
...and it seems to have stopped working when I upgraded from 3.0.11 to
3.0.22-ish. I suspect that nesting that script like that might be the
problem.
It's not clear to me what actually changed -- anyone have a link about
this? I haven't been able to find it in the release notes.
--
---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
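
Added example (not from the original thread or from the Samba project): one way to follow the "single script" advice quoted above is a wrapper that receives the % substitutions as plain arguments and validates them before writing the accounting line. The script name session-log, the character allowlist and the use of date in place of the poster's getdate helper are assumptions.

```shell
#!/bin/sh
# Added example: one wrapper script for both root preexec and root postexec.
# Hypothetical install path: /etc/opt/samba/scripts/session-log
# Assumed smb.conf usage (no quoting, pipes or redirection in smb.conf):
#   root preexec  = /etc/opt/samba/scripts/session-log C %u %m %I
#   root postexec = /etc/opt/samba/scripts/session-log X %u %m %I

LC_ALL=C; export LC_ALL
ACCT_LOG="${ACCT_LOG:-/var/opt/samba/accounting}"

# Accept only non-empty values built from a small character allowlist.
# The allowlist is an assumption; widen it deliberately if your user or
# machine names need other characters.
valid_field() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# log_session EVENT USER MACHINE ADDR
# Appends "EVENT:USER,MACHINE,ADDR::TIMESTAMP" to $ACCT_LOG.
log_session() {
    [ "$#" -eq 4 ] || return 2
    event=$1 user=$2 machine=$3 addr=$4
    case "$event" in
        C|X) ;;
        *) return 2 ;;
    esac
    # The substituted values are treated as untrusted input.
    for field in "$user" "$machine" "$addr"; do
        valid_field "$field" || return 3
    done
    # date(1) stands in for the poster's getdate helper.
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    printf '%s:%s,%s,%s::%s\n' \
        "$event" "$user" "$machine" "$addr" "$stamp" >> "$ACCT_LOG"
}

# Run only when called with arguments, as it would be from smb.conf.
if [ "$#" -gt 0 ]; then
    log_session "$@"
fi
```

All quoting and redirection now live in the script, so the smb.conf lines contain only the script path and the substitutions.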