Bill Shannon <[EMAIL PROTECTED]> wrote:
> Alan M Wright wrote:
>> I put the onus on the person making the request to open the RFE
>> as a token gesture to the team. If someone can't be bothered
>> filing the RFE, why should there be any expectation that the team
>> will take on the work. On the other hand, if someone takes the
>> time to submit an RFE and provide justification for a feature then
>> we'll do what we can to accommodate it.
>
> Except, as far as I can tell, I haven't convinced anyone here.
>
> If you're not convinced, then I know it's a waste of my time to
> file the RFE.
>
> You see, I have an alternative to using your software. I don't
> *need* to convince you. I can just use some other software that
> already satisfies my needs.
>
> If you agreed that this was a worthwhile but missing feature, I
> would've gladly filed the RFE. (Of course, if you believed that,
> you probably would've implemented it already.)
>
> And trust me, I am *not* going to fight with the security weenies
> in PSARC about this...

I wouldn't expect you to deal with PSARC for SMB cases (we'll take care of that) but that may not be the main hurdle. If the case presents sufficient guarantees of "secure by default", it should be okay.

The main problem I foresee is handling the exclusion of null sessions from the Everyone group or the POSIX 'other' class in Solaris.

Null sessions were re-enabled in Windows XP/2003 along with a change to the Everyone group - to include only Authenticated Users by default. AnonymousLogon is only granted access to files by changing the EveryoneIncludesAnonymous registry value or explicitly adding ACEs to allow AnonymousLogon in ACLs.

The Solaris CIFS service doesn't do file level access checks; access checking is performed by the underlying file system. So we'd need to ensure that AnonymousLogon didn't get 'other' permissions by default. We need some time to think about how we'd solve this problem.

If you have not had to set something like EveryoneIncludesAnonymous on Samba then you may be exploiting a security hole with the use of AnonymousLogon to access files.

Alan

_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
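
The following is an added example, not part of the message above and not Solaris CIFS or Windows code. It is a simplified Python model of the two checks the message contrasts: the Windows token rule governed by EveryoneIncludesAnonymous, and a POSIX class check where a null session would otherwise fall through to 'other'. The function names, the `exclude_anonymous_from_other` guard and the sample uid/gid values are assumptions made for illustration.

```python
# Simplified model (added example): how a null session can end up with file access.
from dataclasses import dataclass

EVERYONE = "S-1-1-0"      # well-known SID: Everyone
ANONYMOUS = "S-1-5-7"     # well-known SID: Anonymous Logon
AUTH_USERS = "S-1-5-11"   # well-known SID: Authenticated Users


def build_token(user_sid, anonymous, everyone_includes_anonymous=False):
    """Return the SIDs carried by a session, per the XP/2003 default described above."""
    sids = {user_sid}
    if anonymous:
        sids.add(ANONYMOUS)
        if everyone_includes_anonymous:   # models the registry value being enabled
            sids.add(EVERYONE)
    else:
        sids.update({EVERYONE, AUTH_USERS})
    return sids


def acl_allows_read(token, allow_read_sids):
    """Allow-only ACL check: read is granted if any token SID has an allow ACE."""
    return bool(token & set(allow_read_sids))


@dataclass
class PosixFile:
    owner: int
    group: int
    mode: int   # permission bits, e.g. 0o644


def posix_allows_read(f, uid, gids, anonymous=False,
                      exclude_anonymous_from_other=True):
    """Owner/group/other check with a hypothetical guard for null sessions."""
    if uid == f.owner:
        return bool(f.mode & 0o400)
    if f.group in gids:
        return bool(f.mode & 0o040)
    if anonymous and exclude_anonymous_from_other:
        return False   # a null session never falls through to 'other'
    return bool(f.mode & 0o004)
```

With the guard disabled, any file whose mode grants read to 'other' is readable by the null session, which is the default-exposure case the message says has to be ruled out.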
