svn commit: samba r9946 -
branches/SAMBA_3_0/source/smbd trunk/source/smbd
Gerald (Jerry) Carter
jerry at samba.org
Fri Sep 2 13:26:40 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
gd at samba.org wrote:
> Author: gd
> Date: 2005-09-02 09:16:08 +0000 (Fri, 02 Sep 2005)
> New Revision: 9946
>
> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9946
>
> Log:
> allow the priv-based chown (se_take_ownership) to chown to other users
> (not only to the current_user.uid).
>
> Jeremy, please have a look.
Guenther,
This changes the entire meaning of SeTakeOwnership. We have already
release the SeTakeOwnershipPrivilege in 3.0.20 to mean change
ownership to yourself only. I'm not sure this is a good idea.
IMO this is too dangerous to be done via Samba. For example,
a user with SeTakeOwnership could create a script with the
setuid bit and then change the ownership to root.
I'd vote -1 on this patch due to security concerns.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDGFMQIR7qMdg1EfYRAlm3AKCWhjSAWS6s7o1HV5vFQMTxsUisXgCgsHDF
a0MUpQppf/2i4MxIWXLhhLg=
=CEVt
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list