Message-ID: <3DE5863C.D6D032BC@mindspring.com>
Date: Wed, 27 Nov 2002 18:58:04 -0800
From: Terry Lambert
To: Giorgos Keramidas
Cc: "David W. Chapman Jr.", current@FreeBSD.ORG
Subject: Re: pw_user.c change for samba

Giorgos Keramidas wrote:
> On 2002-11-27 12:55, Terry Lambert wrote:
> > Will this open up a security hole for a normal user account
> > being used to compromise the domain system security?
>
> Probably 'yes'.  I haven't tried this, but I guess one could name his
> machine "Administrator".  When that username is passed around, is it
> clear that it is a machine name and not a user name?  I guess that if
> this way someone just might trick a remote SMB server that his
> username is 'Administrator' by changing his local machine's name, we
> have a problem...

That's a namespace issue... they would still need a password.

I think that a login class would fix it.  That would mean that you
could not have a user and a machine with the same name, but if you
want to be technical, doing it the other way, I can't have a user
named "Administrator$" and a machine named "Administrator", so
either way, there's a namespace incursion.

-- Terry