From: Jim Dennis
Message-Id: <199607092345.QAA04260@starshine>
Subject: Re: Samba FS planned to implement?
To: terry@lambert.org (Terry Lambert)
Date: Tue, 9 Jul 1996 16:45:17 -0700 (PDT)
Cc: igor@cs.ibank.ru, questions@freebsd.org
In-Reply-To: <199607091833.LAA24711@phaeton.artisoft.com> from "Terry Lambert" at Jul 9, 96 11:33:02 am

> > > re,
> >
> > smbclient - cool but interactive. :)
>
> I have a proposal on the table (in a news group posting) for session
> management and a password cache interface. These are prerequisites
> for a correct implementation. The Linux implementation is incorrect,
> and opens security holes you could drive a truck through. This
> would not be so bad if the default configuration was not so badly
> thought out that you could drive three trucks and a blimp through.

Could you be a bit more specific (perhaps with a message copied to bugtraq or linux-alert)?

In particular my question is this -- the smbfs is an smb client -- it has nothing to do with exporting your Unix volumes to others (which is handled by smbd AFAIK).

So, are you saying that there are problems where a single user (on a Linux host) mounting an SMB share (on an NT or Win '95 system for example) will allow other users (on the Linux side) access to the shared volume? Are you saying that it allows the user in question more access than smbtar/smbclient?

> Remember the CERT advisory for Microsoft SMB servers?

Of course I remember it. I added additional packet filters to prevent propagation of those protocols through our routers (former employer) and recommended that WfW and Win '95 systems be reconfigured to disable sharing throughout the enterprise (as I recall NT systems could be configured to avoid the problem).

> Imagine it applying to all of your UNIX systems.
>

As I recall the SAMBA server didn't have this problem -- it was the client that exposed the underlying server-side vulnerability in the MS products.

Please correct me if I'm wrong. I don't want to carry around any misinformation on this issue.

> Terry Lambert
> terry@lambert.org