
List:       samba-vms
Subject:    RE: Connecting to \\SERVER\system by any user
From:       "John E. Malmberg" <wb8tyw () qsl ! net>
Date:       2000-06-06 12:33:17

David Taubner <DTaubner@exchange.hsc.mb.canada> wrote:

> Peter,
> I believe you may not be clear on what is actually happening.  We are
> talking about a non-privileged user (NETMBX,TMPMBX,EXQUOTA), and a UIC such
> as [360,1].  If logged into VMS this user can see nothing, do nothing.  They
> cannot even do a directory of Sys$Manager or anyone else's files.  Logging
> in through Samba gives them access to any directory by mapping a drive as
> someone's username.  Ex: After mapping their home directory with the above
> account (username & password), they can then map \\share\SYSTEM\ and get
> access to Sys$manager - or ANY OTHER DIRECTORY mapped to the username they
> mention as a network path - just give a valid username - no more questions
> asked...  Putting 'valid users = %S' in [homes] is the only way to prevent
> this from happening.

First let me make clear that I am not running exactly the same setuid() code
as in previous versions of SAMBA.  This means that there may be some
differences between what I see and what you see.

For example it turned out that the problem I was having with SMBRUN was due
to my removing all of (SYSPRV,READALL,BYPASS) when impersonating a USER.

I ended up making a wrapper to system() that made the child the original
user SAMBA was running under.  Examination of the SAMBA code indicates that
this is how the system() command works under UNIX.

Back to the original topic:  I tested and reproduced on my 2.0.6 port that a
client logged into a non-existent account has the same access to the
SYS$SYSROOT:[SYSMGR] account as the user had when logged in locally.

I also tested for other accounts, and found that I could not map to the home
directories of any other user directories.  The error message indicated that
the share point could not be found.

I do not have SAMBA running on a LINUX box to verify the behavior reported
for mapping a drive to \\SERVER\root.

-John
wb8tyw@qsl.network
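
Added example, not part of the original message or of the Samba sources: a small audit that checks whether an smb.conf restricts `[homes]` with the `valid users = %S` setting quoted above. The sample configurations, function names and result labels are constructed for illustration; the fallback to `[global]` assumes Samba's documented behaviour of using `[global]` values as share defaults.

```python
import re

# Constructed sample smb.conf fragments (not taken from the thread).
WEAK = """
[global]
   security = user
[homes]
   comment = Home directories
   browseable = no
"""
HARDENED = WEAK + "   valid users = %S\n"   # appended line lands in [homes]

def parse_smb_conf(text):
    """Return {section: {param: value}} with names normalised for lookup."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names are matched without regard to case or spaces.
            current["".join(key.lower().split())] = value.strip()
    return sections

def audit_homes(text):
    """Classify how [homes] is restricted: hypothetical labels for this example."""
    conf = parse_smb_conf(text)
    if "homes" not in conf:
        return "no-homes-section"
    # A share without its own setting takes the [global] value as default.
    value = conf["homes"].get("validusers",
                              conf.get("global", {}).get("validusers"))
    names = [n for n in re.split(r"[,\s]+", value or "") if n]
    if not names:
        return "unrestricted"      # any authenticated user may map any home
    if names == ["%S"]:
        return "owner-only"        # only the user the share is named after
    return "review"                # other names listed; inspect manually

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "->", audit_homes(sample))
```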
