[Samba] Default Hidden Disk Shares

Jeremy Allison jra at samba.org
Tue Jul 6 21:15:35 MDT 2010


On Mon, Jul 05, 2010 at 10:00:46AM +0100, Atkinson, Robert wrote:
> Before I reply, please take my response in the light it's meant, which is
> curious interest and intrigue. I'm not and don't want to drag this out into a
> full-blown dissemination of Windows security.
> 
> 
> The 'admins' directive in the CONF file holds a list of Admin users, and
> gives elevated privileges to those accounts. I'm at a loss to see how this
> differs from also giving root visibility to the same users.
> 
> I see this one of two ways. Either there isn't enough faith in the SAMBA code
> to feel that it's a robust secure system (I personally think it is), or
> there's a paranoia amongst the community. Given the way Windows is constantly
> hacked, this second observation may well be indirectly true.

It isn't a matter of either/or. It's a belt-and-braces approach.
Yes, if the root elevated privilege code has a bug it's game over,
but with an admin share of "/", now you have *two* avenues of attack
not one. Why make everyone pay that cost instead of just the people who
want it?

