[Pkg-samba-maint] Bug#425391: Patch/bug fix for CVE-2007-2447 breaks the use of ;

Christian Perrier bubulle at debian.org
Mon May 21 16:26:00 UTC 2007


tags 425391 wontfix
thanks

> After some debugging I discovered that a strange problem I experienced 
> was caused by the patched code added in Samba 3.0.14a-3sarge for 
> CVE-2007-2447 (Remote Command Injection Vulnerability). It is now no 
> longer possible to use the ";" character in options like "preexec = " & 
> "postexec =" causing the use of i.e. (in my case) "root preexec = mkdir 
> -p /home/software/Recycle; chown root:admins /home/software/.Recycle" to 
> be executed as "root preexec = mkdir -p /home/software/Recycle chown 
> root:admins /home/software/.Recycle" (The semicolon disappears!).
> 
> As far as I can see now, it also breaks the use of (in my case) "passwd 
> program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh"
> 
> This new unexpected behaviour can possibly break a lot of setups! I 
> think the easiest solution is to add the ";" (and possibly also & and |) 
> to #define INCLUDE_LIST 
> "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"


Upstream has admitted that these sanity checks may have consequences
on existing setups but that would be the price to pay for increased
security.

Jeremy Allison on samba at lists.d.o:

>Yes it is I'm afraid. We now sanitize completely any
>shell meta-characters to avoid any security issues
>with user generated input being passed to a shell.

>I was a little worried this might break some existing
>setups but this is the first report I've had, and believe
>me security problems are worse than breaking setups :-).


jra again:


>Rather than putting executable shell script in smb.conf,
>move this into a file as a shell script and pass %U, %G
>as parameters to it from smb.conf - that should be much
>safer.
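
jra's suggestion above, applied to the reporter's "root preexec" line, as an added example that is not part of the original thread and not Samba's or Debian's code. The script path, the function names, the RECYCLE_DIR/RECYCLE_OWNER variables and the name policy are assumptions made for illustration.

```sh
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/samba-preexec.sh (assumed path).
# smb.conf then carries one command with no shell metacharacters:
#   root preexec = /usr/local/sbin/samba-preexec.sh %U %G
# %U and %G arrive as separate arguments and are validated and quoted here
# instead of being pasted into a command line.

# Assumed policy: letters, digits, '.', '_' and '-' only, no leading '-'.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The two commands that used to be joined with ';' in smb.conf.
prepare_recycle() {
    dir=$1 owner=$2
    mkdir -p -- "$dir" || return 1
    # An empty owner skips chown (useful when trying the script unprivileged).
    if [ -n "$owner" ]; then chown -- "$owner" "$dir" || return 1; fi
}

run_preexec() {
    user=$1 group=$2
    valid_name "$user"  || { echo "rejected user name" >&2; return 2; }
    valid_name "$group" || { echo "rejected group name" >&2; return 2; }
    prepare_recycle "${RECYCLE_DIR:-/home/software/.Recycle}" \
                    "${RECYCLE_OWNER-root:admins}"
}

# Do the work only when Samba (or an operator) supplies arguments.
[ "$#" -eq 0 ] || run_preexec "$@"
```

The same pattern fits the "passwd program" case: one script path in smb.conf, with the account name passed as an argument.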


