On Tue, May 22, 2007 at 08:17:56AM +0200, Christian Perrier wrote:
> Other maintainers, advice? I think that going the way to sanity check
> configuration files is a dangerous slope...

Forward upstream? I don't think this is high-priority enough of an issue
that it will ever get worked on, but I agree that rejecting the config
option would be nicer than silently rewriting it to do something the user
isn't expecting.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

> -------- Original Message --------
> Subject: Re: Bug#425391: Patch/bug fix for CVE-2007-2447 breaks the use of ;
> Date: Tue, 22 May 2007 08:10:31 +0200
> From: Arno van Amersfoort <[EMAIL PROTECTED]>
> To: Christian Perrier <[EMAIL PROTECTED]>
> References: <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>
>
> Thanks for your reply, one further comment surrounding this issue:
> Shouldn't "/etc/init.d/samba start" or testparm at least generate a
> warning that characters were used that are not allowed, instead of
> silently replacing them with spaces, which in my case caused my whole
> filesystem to be polluted with chmod, chown etc. (because the first
> statement was mkdir)?
>
> Christian Perrier wrote:
> > tags 425391 wontfix
> > thanks
> >
> >> After some debugging I discovered that a strange problem I experienced
> >> was caused by the patched code added in Samba 3.0.14a-3sarge for
> >> CVE-2007-2447 (Remote Command Injection Vulnerability). It is now no
> >> longer possible to use the ";" character in options like "preexec = " &
> >> "postexec =" causing the use of ie. (in my case) "root preexec = mkdir
> >> -p /home/software/Recycle; chown root:admins /home/software/.Recycle" to
> >> be executed as "root preexec = mkdir -p /home/software/Recycle chown
> >> root:admins /home/software/.Recycle" (The semicolon disappears!).
> >>
> >> As far as I can see now, it also breaks the use of (in my case) "passwd
> >> program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh"
> >>
> >> This new unexpected behaviour can possibly break a lot of setups! I
> >> think the easiest solution is to add the ";" (and possibly also & and |)
> >> to #define INCLUDE_LIST
> >> "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"
> >>
> >
> > Upstream has admitted that these sanity checks may have consequences
> > on existing setups but that would be the price to pay for increased
> > security.
> >
> > Jeremy Allison on [EMAIL PROTECTED]:
> >
> >> Yes it is I'm afraid. We now sanitize completely any
> >> shell meta-characters to avoid any security issues
> >> with user generated input being passed to a shell.
> >>
> >
> >> I was a little worried this might break some existing
> >> setups but this is the first report I've had, and believe
> >> me security problems are worse than breaking setups :-).
> >>
> >
> > jra again:
> >
> >> Rather than putting executable shell script in smb.conf,
> >> move this into a file as a shell script and pass %U, %G
> >> as parameters to it from smb.conf - that should be much
> >> safer.
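Added example, not part of this thread and not Samba code: a pre-upgrade lint that produces the kind of warning asked for above, listing smb.conf command options whose values still contain ";", "&" or "|" so they can be moved into a script file as jra suggests. The function names, the set of options checked, the sample configuration and the share-cleanup.sh path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Samba code): read smb.conf text on stdin and report
# command options whose value contains ';', '&' or '|'.
lint_smb_exec_opts() {
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*[#;]/ { next }            # smb.conf comments start with # or ;
    {
        eq = index($0, "=")
        if (eq == 0) next             # section header or blank line
        shown = substr($0, 1, eq - 1)
        gsub(/^[ \t]+|[ \t]+$/, "", shown)
        name = tolower(shown)
        gsub(/[ \t]/, "", name)       # whitespace in parameter names is ignored
        if (name != "preexec" && name != "postexec" && name != "rootpreexec" &&
            name != "rootpostexec" && name != "passwdprogram") next
        value = substr($0, eq + 1)
        found = ""
        if (index(value, ";")) found = found " ;"
        if (index(value, "&")) found = found " &"
        if (index(value, "|")) found = found " |"
        if (found != "") {
            printf "line %d: %s contains%s\n", NR, shown, found
            bad = 1
        }
    }
    END { exit bad }                  # non-zero exit when anything was reported
    '
}

# Constructed sample: two option values quoted in the thread, one commented-out
# line, and one option that calls a hypothetical script with %U and %G.
sample_conf() {
    cat <<'EOF'
[global]
   passwd program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh
; postexec = echo a; echo b
[software]
   Root PreExec = mkdir -p /home/software/Recycle; chown root:admins /home/software/.Recycle
   root postexec = /usr/local/sbin/share-cleanup.sh %U %G
EOF
}

sample_conf | lint_smb_exec_opts || echo "move the commands listed above into script files"
```

Run it against a real configuration with `lint_smb_exec_opts < /etc/samba/smb.conf`; continuation lines ending in a backslash are not joined by this check.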

