Re: possible samba security problem
On Thursday, 27 January 2005 15:56, Michael Stone wrote:
> >I just discovered that smbstatus can be run by a normal user. It gives
> >sensible information about usernames and paths to files (locked files). I
> >do not find this behaviour reasonable. Any comments? Suggestions how to
> >fix this? Should I file a bug report?
>
> It's neither a bug nor a problem. The same information is available via
> other mechanisms.
I agree with you for the username-part. /etc/passwd is world-readable, also
when I use LDAP without anonymous bind I could prevent that.
But when there is a file like /srv/share/intern/dismissal_johndoe.sxw no one
but the users in the group intern should be allowed (directory permissions
set correctly) to see that file. I also can't think of any other way for
getting that information.
--
Best regards
Thorsten Giese
ANW GmbH & Co. KG
Prager Ring 4-12
66482 Zweibrücken
Phone 06332/79-1830
Fax 06332/79-1834
mailto:t.giese@anw.de
http://www.anw.de