Date: Tue, 9 Jul 1996 16:45:17 -0700 (PDT)
From: Jim Dennis <jim@starshine.org>
To: terry@lambert.org (Terry Lambert)
Cc: igor@cs.ibank.ru, questions@freebsd.org
Subject: Re: Samba FS planned to implement?
Message-ID: <199607092345.QAA04260@starshine>
In-Reply-To: <199607091833.LAA24711@phaeton.artisoft.com> from "Terry Lambert" at Jul 9, 96 11:33:02 am
> > > re,
> >
> > smbclient - cool but interactive. :)
>
> I have a proposal on the table (in a news group posting) for session
> management and a password cache interface. These are prerequisites
> for a correct implementation. The Linux implementation is incorrect,
> and opens security holes you could drive a truck through. This
> would not be so bad if the default configuration was not so badly
> thought out that you could drive three trucks and a blimp through.

Could you be a bit more specific (perhaps with a message copied to
bugtraq or linux-alert)?

In particular my question is this -- the smbfs is an smb client -- it
has nothing to do with exporting your Unix volumes to others (which is
handled by smbd AFAIK).

So, are you saying that there are problems where a single user (on a
Linux host) mounting an SMB share (on an NT or Win '95 system for
example) will allow other users (on the Linux side) access to the
shared volume?

Are you saying that it allows the user in question more access than
smbtar/smbclient?

> Remember the CERT advisory for Microsoft SMB servers?

Of course I remember it. I added additional packet filters to prevent
propagation of those protocols through our routers (former employer)
and recommended that WfW and Win '95 systems be reconfigured to disable
sharing throughout the enterprise (as I recall NT systems could be
configured to avoid the problem).

> Imagine it applying to all of your UNIX systems.
>

As I recall the SAMBA server didn't have this problem -- it was the
client that exposed the underlying server-side vulnerability in the MS
products.

Please correct me if I'm wrong. I don't want to carry around any
misinformation on this issue.

> Terry Lambert
> terry@lambert.org