[SMB3POSIX] File attributes

Ralph Boehme slow at samba.org
Tue Nov 14 17:36:36 UTC 2023


On 11/14/23 18:34, Tom Talpey wrote:
> On 11/14/2023 11:44 AM, Ralph Boehme wrote:
>> On 11/14/23 17:22, Tom Talpey wrote:
>>> But, does it need to be exposed to remote access? It would seem to be an
>>> admin function, most appropriate to apply via the server-local API.
>>>
>>> So to flip the question, does "chattr -i" (or any of the zillion others)
>>> expose any new vulnerability if remote? Some of them look fairly juicy
>>> targets for ransomware infiltration.
>>
>> there seems to be a working local privilege system associated with the 
>> attributes. If this was flawed there'd already be a serious problem 
>> with local access, so I don't think remote access changes the big 
>> picture, does it?
> 
> Agreed that the privilege needs to be correctly managed! But exposing
> it remotely increases the attack surface significantly, so in my view
> it needs a good reason, and careful security analysis. That's all.

yup, so imho another reason to avoid it for the time being. :)
