On 25 Feb 2001, at 16:35, Ben Barrett wrote:
> I guess what I was asking was that if one allowed write-permission via
> samba, on a [COMPLETE] linux filesystem, and this was compromised on a
> windows client, wouldn't that [COMPLETELY] compromise the linux box?
No. Samba is an *additional* layer of permissions on top of the
preexisting linux permissions. You can only write to directories
that you have linux permissions to write to. At this level, though, it
becomes academic, as the hacker has rights to shares, plus /tmp,
/var/tmp, etc., and that's more than enough. However (and I admit
I've never tried this). The best way to control this is to set up a
"shares" directory and to set up [homes] with a path something
like "/home/%U/%U (keeps the user out of the dot files). Then
don't allow samba users to write into any other directories on the
system. Also, as I said before, don't administrate your box with a
user that has permission to log in through samba, as Windoze
passwords are too easy to crack.
Cheers,
Dennis
"Custard pies are a sort of esperanto: a universal language."
--Noel Godin
