On Tue, 2006-01-31 at 09:32 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> imacat wrote:
>
> >> No, I think we need to avoid smbmnt getting these defines.
> >> This is a setuid app, and I'm worried by how socket wrapper
> >> (and the environment variable based changes in behaviour)
> >> would interact, in a security sense.
> >
> > Oh. Thank you for reminding me this. This is *really*
> > a serious security issue. I've recompiled all my samba
> > without socket_wrapper. Thanks again for pointing out this.
>
> No it's not a security issue. The socket wrapper stuff is for
> development testing only. There is no production value in it.

I think the correct phrasing is that imacat's proposed fix would create
a serious security issue on machines compiled with the socket wrapper
code, and mistakenly deployed in production.

That is why I said it was an incorrect fix. The correct fix (for the
build issue) is not to have smbmnt built with those defines in place, so
we link correctly.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net