It seems a bit savage to panic if an admin mistypes a [in]valid users entry
Ralph Böhme
slow at samba.org
Fri Nov 3 16:54:44 UTC 2017
On Fri, Nov 03, 2017 at 09:23:54AM -0700, Jeremy Allison via samba-technical wrote:
> On Fri, Nov 03, 2017 at 09:04:49AM -0700, Richard Sharpe via samba-technical wrote:
> > Hi folks,
> >
> > In looking at a netgroups question I noticed this in
> > source3/smbd/share_access.c token_contains_name:
> >
> > }
> > smb_panic("got invalid prefix from do_groups_check");
> > }
> >
> > Should we really panic if an admin entered some invalid character.
> > That would lead to things failing in strange and hard to debug ways
> > ...
> >
> > Surely it is better to simply ignore that field/parameter?
>
> Valid / invalid users is a bit security critical in that
> people are depending on it to protect resources.
>
> Maybe better would be to print an error and then terminate,
> rather than panic.
Or just deny share access.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
More information about the samba-technical
mailing list