I guess what I was asking was that if one allowed write-permission via
samba, on a [COMPLETE] linux filesystem, and this was compromised on a
windows client, wouldn't that [COMPLETELY] compromise the linux box?
Accordingly, all "good" security is based on knowledgable setup...
ie, ONLY sharing some non-critical data directories/shares
(no read/write on shadow password file etc!)
Tripwire has a wonderful PDF document available, called "Common Security
Exploit and Vulnerability Matrix", which has keys for application,
protocol, and (common) port usage... I put in for a free copy as they
advertised, but have not recieved it yet, and have had problems printing
the PDF at full size (spanning multiple pages, which I'd be happy to take
to scissors and tape!)... Highly recommended!
cheerio & fun sun
ben
