On 25 Feb 2001, at 14:38, Ben Barrett wrote:
> If some linux FS is shared via Samba to a winbloze box that is
> compromised with BO2K or the like, wouldn't the shared filesystem (and
> potentially that host) also be compromised??? I know BO2K allows such
> full access, to passwords, and the "network neighborhood"... those
> back orifice users tend to crawl around that way(?). So I'd think
> that Samba could only be as secure as all the connected systems (then
> again, using samba to share solely from linux-linux seems secure).
You will be compromised, but how much so depends on how
you've got your server set up, using the "create mask" and
"directory mask." These can prevent users from putting
executables in the directory, which, of course, only does you good
if you try to execute the program while actually logged in as a
linux, not samba, user (thanks, Billy).
It also depends on what you allow a user to access in the share. If
someone has BO2K on your winbloze 9x box, they've got your
passwords (again, thanks be to M$ for this), which means they can
try telnet, ftp (hopefully, both turned off), or ssh -- any of which you
can restrict to being accessed by users who *do not* have rights to
access samba shares, through careful administration of groups.
Truthfully, if someone has BO2K on a Windoze box, they may as
well be sitting at the keyboard. But, if someone has this sort of
stuff on a box, it also means that someone hasn't been doing
things like keeping antivirus software up-to-date, running port
scanners, and so forth.
The main thing to remember about samba is this. You can make a
linux box orders of magnitude more secure than anything M$ builds
with not a lot of effort, and there are lots of really good free software
tools to help you. But, as samba emulates M$ "networking," it has
to use the same lousy encryption scheme for password
authentication as Windoze uses.
The last time I had to crack a Windoze password, it took all of a
second (or less) on a P166. So it is something to worry about.
Cheers,
Dennis
"Custard pies are a sort of esperanto: a universal language."
--Noel Godin
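
An added example, not part of the original message: a small audit of smb.conf text that reports shares whose "create mask" still lets files created through Samba carry an execute bit, the setting the reply refers to. The sample configuration, share names and paths are constructed; the 0744 default is Samba's documented default for "create mask".

```python
DEFAULT_CREATE_MASK = 0o744   # Samba's default when the parameter is unset
EXEC_BITS = 0o111             # owner, group and other execute
SYNONYMS = {"createmode": "createmask"}  # smb.conf accepts both spellings

# Constructed sample configuration (assumption, not from the message).
SAMPLE_SMB_CONF = """\
[global]
workgroup = EXAMPLE
[public]
path = /srv/samba/public
[docs]
path = /srv/samba/docs
create mask = 0644
directory mask = 0755
[homes]
Create Mode = 0755
"""

def parse_shares(text):
    """Parse smb.conf text into {section: {normalized_param: value}}."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and embedded spaces.
            key = "".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return shares

def executable_create_masks(text):
    """Return {share: mask} for shares whose mask keeps any execute bit."""
    shares = parse_shares(text)
    global_params = shares.pop("global", {})
    findings = {}
    for name, params in shares.items():
        raw = params.get("createmask", global_params.get("createmask"))
        mask = int(raw, 8) if raw is not None else DEFAULT_CREATE_MASK
        if mask & EXEC_BITS:
            findings[name] = mask
    return findings

if __name__ == "__main__":
    for share, mask in executable_create_masks(SAMPLE_SMB_CONF).items():
        print(f"[{share}] create mask {mask:04o} allows execute bits")
```

The mask is only an upper bound on the mode bits Samba assigns; other parameters such as the DOS attribute mapping options also affect the final mode and are not checked here.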