Package: samba
Version: 3.0.14a-4
Severity: important
Tags: patch

Samba's logrotate file /etc/logrotate.d/samba
contains a line like:

        postrotate
                invoke-rc.d --quiet samba reload > /dev/null


This starts samba even if previously stopped/disabled (for instance, by
removing the rc2.d link). I would suggest testing for the smbd.pid
pidfile, as follows:

        postrotate
                # Avoid starting samba if it is stopped
                [ -e /var/run/samba/smbd.pid ] && \
                invoke-rc.d --quiet samba restart > /dev/null


Check bug #310535 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310535>
about the same problem in cupsys, from where I copied this report
(I hope the report had a free license ;-)

I think this bug involves an important security problem, as all the
systems that have samba disabled will in fact be running samba, and admins
will be unaware of this fact, and thus they probably won't pay attention to
future samba security bugs.

I understand that the number of systems with samba installed and not 
running it is probably small, but anyway there are some for sure.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages samba depends on:
ii  debconf [debconf-2. 1.4.50               Debian configuration management sy
ii  libacl1             2.2.29-1.0.1         Access control list shared library
ii  libc6               2.3.2.ds1-22         GNU C Library: Shared libraries an
ii  libcomerr2          1.37+1.38-WIP-0509-1 common error description library
ii  libcupsys2-gnutls10 1.1.23-10            Common UNIX Printing System(tm) - 
ii  libkrb53            1.3.6-3              MIT Kerberos runtime libraries
ii  libldap2            2.1.30-10            OpenLDAP libraries
ii  libpam-modules      0.76-22              Pluggable Authentication Modules f
ii  libpam-runtime      0.76-22              Runtime support for the PAM librar
ii  libpam0g            0.76-22              Pluggable Authentication Modules l
ii  libpopt0            1.7-5                lib for parsing cmdline parameters
ii  logrotate           3.7-5                Log rotation utility
ii  netbase             4.21                 Basic TCP/IP networking system
ii  samba-common        3.0.14a-4            Samba common files used by both th

-- debconf information:
  samba/nmbd_from_inetd:
  samba/log_files_moved:
  samba/tdbsam: false
* samba/generate_smbpasswd: true
* samba/run_mode: daemons
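
Added example (not part of the original report or of the samba package): a heuristic audit for the problem described above, flagging logrotate script blocks that run a service action without first testing for a pidfile. The function name audit_logrotate and the sample log paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: heuristic audit, not a full logrotate parser.

# audit_logrotate FILE...
# Prints "file:line: command" for every service action inside a logrotate
# script block that is not preceded by a pidfile test in the same block.
audit_logrotate() {
    awk '
        FNR == 1 { in_block = 0 }
        /^[ \t]*(postrotate|prerotate|firstaction|lastaction)[ \t]*$/ {
            in_block = 1; guarded = 0; next
        }
        /^[ \t]*(endscript|[}])[ \t]*$/ { in_block = 0; next }
        !in_block || /^[ \t]*#/ { next }
        # Guard: [ -e x.pid ], test -f x.pid and similar
        /(\[|test)[ \t]+-[efs][ \t]+[^ \t]*\.pid/ { guarded = 1 }
        # Service action via invoke-rc.d or an init script
        /(invoke-rc\.d|\/etc\/init\.d\/)[^;|&]*[ \t](start|restart|reload|force-reload)([ \t;>]|$)/ {
            if (!guarded) {
                sub(/^[ \t]+/, "")
                printf "%s:%d: %s\n", FILENAME, FNR, $0
            }
        }
    ' "$@"
}

# Constructed sample: the hook quoted in the report, then the guarded form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/var/log/samba/log.smbd {
        postrotate
                invoke-rc.d --quiet samba reload > /dev/null
        endscript
}
/var/log/samba/log.nmbd {
        postrotate
        # Avoid starting samba if it is stopped
                [ -e /var/run/samba/smbd.pid ] && \
                invoke-rc.d --quiet samba restart > /dev/null
        endscript
}
EOF
audit_logrotate "$sample"   # reports only line 3
rm -f "$sample"
```

On a real system the function would be pointed at /etc/logrotate.d/*; each reported line is a hook that should be reviewed by hand, since the pidfile match is only a pattern check.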

