Date:      Wed, 27 Nov 2002 18:58:04 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc:        "David W. Chapman Jr." <dwcjr@inethouston.net>, current@FreeBSD.ORG
Subject:   Re: pw_user.c change for samba
Message-ID:  <3DE5863C.D6D032BC@mindspring.com>
References:  <20021127192126.GA31706@leviathan.inethouston.net> <3DE52B70.44402B98@mindspring.com> <20021127203401.GA35573@leviathan.inethouston.net> <3DE5315A.FC6D59B@mindspring.com> <20021127222037.GA13085@gothmog.gr>

Giorgos Keramidas wrote:
> On 2002-11-27 12:55, Terry Lambert <tlambert2@mindspring.com> wrote:
> > Will this open up a security hole for a normal user account
> > being used to compromise the domain system security?
> 
> Probably 'yes'.  I haven't tried this, but I guess one could name his
> machine "Administrator".  When that username is passed around, is it
> clear that it is a machine name and not a user name?  I guess that if
> this way someone just might trick a remote SMB server that his
> username is 'Administrator' by changing his local machine's name, we
> have a problem...

That's a namespace issue... they would still need a password.
I think that a login class would fix it.  That would mean that
you could not have a user and a machine with the same name,
but if you want to be technical, doing it the other way, I
can't have a user named "Administrator$" and a machine named
"Administrator", so either way, there's a namespace incursion.

-- Terry
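
The namespace overlap discussed in this message can be audited on a host that stores Samba machine accounts next to users. The following is an added example, not part of the original e-mail or of pw(8): it assumes passwd(5)-format input, the Samba convention of machine accounts named with a trailing "$", and case-insensitive name comparison; the sample data and function names are constructed.

```python
# Added example: flag user/machine account pairs that differ only by the
# trailing '$' that marks a Samba machine account.

# Constructed sample in passwd(5) format, not real data.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
administrator:*:1001:1001:Domain admin:/home/administrator:/bin/sh
alice:*:1002:1002:Alice:/home/alice:/bin/sh
Administrator$:*:2001:2001:Samba machine:/nonexistent:/usr/sbin/nologin
ws01$:*:2002:2001:Samba machine:/nonexistent:/usr/sbin/nologin
"""


def parse_names(passwd_text):
    """Return the login names from passwd-format text, skipping blanks and comments."""
    names = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names.append(line.split(":", 1)[0])
    return names


def find_collisions(names):
    """Return sorted (user, machine_account) pairs whose names match once the
    machine account's trailing '$' is removed. Comparison is case-insensitive
    (an assumption made for this example)."""
    users = {}
    for name in names:
        if not name.endswith("$"):
            users.setdefault(name.lower(), []).append(name)
    hits = []
    for name in names:
        if name.endswith("$"):
            for user in users.get(name[:-1].lower(), []):
                hits.append((user, name))
    return sorted(hits)


if __name__ == "__main__":
    for user, machine in find_collisions(parse_names(SAMPLE_PASSWD)):
        print(f"namespace overlap: user {user!r} vs machine account {machine!r}")
```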
