[Pkg-samba-maint] Bug#425391: Patch/bug fix for CVE-2007-2447 breaks the use of ;

Christian Perrier bubulle at debian.org
Mon May 21 16:26:00 UTC 2007

tags 425391 wontfix

> After some debugging I discovered that a strange problem I experienced 
> was caused by the patched code added in Samba 3.0.14a-3sarge for 
> CVE-2007-2447 (Remote Command Injection Vulnerability). It is now no 
> longer possible to use the ";" character in options like "preexec = " & 
> "postexec =" causing the use of ie. (in my case) "root preexec = mkdir 
> -p /home/software/Recycle; chown root:admins /home/software/.Recycle" to 
> be executed as "root preexec = mkdir -p /home/software/Recycle chown 
> root:admins /home/software/.Recycle" (The semicolon disappears!).
> As far as I can see now, it also breaks the use of (in my case) "passwd 
> program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh"
> This new unexpected behaviour can possibly break a lot of setups! I 
> think the easiest solution is to add the ";" (and possibly also & and |) 
> to #define INCLUDE_LIST 
> "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"

Upstream has admitted that these sanity checks may have consequences
on existing setups but that would be the price to pay for increased

Jeremy Allison on samba at lists.d.o:

>Yes it is I'm afraid. We now sanitize completely any
>shell meta-characters to avoid any security issues
>with user generated input being passed to a shell.

>I was a little worried this might break some existing
>setups but this is the first report I've had, and believe
>me security problems are worse than breaking setups :-).

jra again:

>Rather than putting executable shell script in smb.conf,
>move this into a file as a shell script and pass %U, %G
>as parameters to it from smb.conf - that should be much

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20070521/7f3935d7/attachment-0001.pgp 

More information about the Pkg-samba-maint mailing list