[Samba] explorer.exe crashes on security tab access

Rowland Penny rpenny at samba.org
Thu Aug 16 18:55:12 UTC 2018

On Thu, 16 Aug 2018 11:46:01 -0700
Jeremy Allison <jra at samba.org> wrote:

> On Thu, Aug 16, 2018 at 07:35:46PM +0100, Rowland Penny via samba
> wrote:
> > > 
> > > The crash only happens when a local unix group (in this case
> > > root) is set as the group for the shared file.
> > 
> > There is one very big problem with that theory, Administrator is
> > mapped (in idmap.ldb) to root, so when you read 'root' on a DC, you
> > can also read 'Administrator' (Which is most definitely a Domain
> > user) ;-)
> Whatever the case explorer.exe shouldn't crash on any data
> returned from the server. If it does that's a possible
> security flaw and you should report it immediately to
> Microsoft (I just fixed a similar problem with libsmbclient
> in our recent security release, that's why I'm sensitive
> to these things).

Hi Jeremy, I have now made it crash!

If the group on a file is 'root' explorer turns its toes up and dies.

It is failing with exception code 0xc0000005


More information about the samba mailing list