[Samba] DOMAIN\Administrator mapped to root vs. CVE-2020-25717 fix including "min domain uid" = 1000

Rowland Penny rpenny at samba.org
Sat Jun 4 18:01:15 UTC 2022


On Sat, 2022-06-04 at 18:31 +0200, Björn JACKE via samba wrote:
> On 2022-05-27 at 23:12 +0200 Reginald via samba sent off:
> > If I add
> > min domain uid = 0
> > to the smb.conf of the fileserver, everything works fine again. :)
> > 
> > So I could manage the permissions and finish work. :)
> > 
> > But... This change was probably introduced for good reasons. And I
> > worked around it. What do you think?
> > Did I open up a horrible security hole?
> > What are the implications?
> > Should "DOMAIN\Administrator" actually never be mapped to root?
> 
> This reminds me of that old bug report
> https://bugzilla.samba.org/show_bug.cgi?id=9837
> 
> I still have hope that Andrew will remove his veto on the change so
> that we can finally get this properly by default for future setups.
> 
> Björn

I would give up hoping if I were you; if Andrew removes his veto, I
will just use mine.

Rowland




