Re: possible samba security problem

To: Michael Stone <mstone@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: possible samba security problem
From: Thorsten Giese <t.giese@anw.de>
Date: Thu, 27 Jan 2005 16:04:16 +0100
Message-id: <[🔎] 200501271604.16125.t.giese@anw.de>
In-reply-to: <[🔎] 20050127145634.GE26791@mathom.us>
References: <[🔎] 200501271528.57151.t.giese@anw.de> <[🔎] 20050127145634.GE26791@mathom.us>

Am Donnerstag, 27. Januar 2005 15:56 schrieb Michael Stone:

> >I just discovered, that smbstatus can be run by a normal user. It gives
> >sensible Information about usernames and pathes to files (locked files). I
> > do not find this behaviour reasonable.  Any comments? suggestions how to
> > fix this? Should I file a bug report?
>
> It's neither a bug nor a problem. The same information is available via
> other mechanisms.

I agree with you for the username-part. /etc/passwd is world-readable, also 
when I use LDAP without anonymous bind I could prevent that. 

But when there is a file like /srv/share/intern/dismissal_johndoe.sxw no one 
but the users in the group intern should be allowed (directory permissions  
set correctly) to see that file. I also can't think of any other way for 
getting that information. 
-- 

Viele Grüße
Thorsten Giese


ANW GmbH & Co. KG
Prager Ring 4-12
66482 Zweibrücken

Telefon 06332/79-1830
Telefax 06332/79-1834
mailto:t.giese@anw.de
http://www.anw.de

Reply to:

References:
- possible samba security problem
  - From: Thorsten Giese <t.giese@anw.de>
- Re: possible samba security problem
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: possible samba security problem
Next by Date: Re: possible samba security problem
Previous by thread: Re: possible samba security problem
Next by thread: Re: possible samba security problem
Index(es):
- Date
- Thread