[Samba] root preexec problem
Jeremy Allison
jra at samba.org
Fri Mar 7 21:48:33 GMT 2008
On Fri, Mar 07, 2008 at 04:44:15PM -0500, Ryan Novosielski wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm reposting this as no one has responded. Is there something in here
> in particular that would have caused a problem? I guess I use multiple
> commands, but there is no use of % variables inside my one script that
> formats the date.
>
> Jeremy Allison wrote:
> > On Mon, Feb 11, 2008 at 11:04:25AM -0800, Robert wrote:
> >
> >> Is this perhaps related to the folowing bug:
> >>
> >> https://bugzilla.samba.org/show_bug.cgi?id=4812
> >
> > Yes, this is certainly it. We're not going to
> > fix this though - the security change was painful enough
> > that I don't feel safe in allowing arbitrary characters
> > in smb.conf scripts - remember the % substitution can
> > allow client input here. The best solution is to rewite
> > prexecs to use a single script.
>
> I'm not sure if I got nailed by this one, but I'm doing this:
>
> root preexec=/bin/sh -c 'echo C:
> \%u,\%m,%I::`/etc/opt/samba/scripts/getdate`' >> /var/opt/samba/accounting
The multiple commands are no longer supported. Rewrite this
to call a single script command with parameters.
Jeremy.
More information about the samba
mailing list