On Feb 29, 2012, at 4:44 PM, Charles Dyer wrote:

> 
> On 29 Feb 2012, at 17:51 , Chris Murphy <[email protected]> wrote:
> 
>> This behavior occurring on all current versions of 10.7.x, i.e. 10.7.0 
>> through 10.7.3?
> 
> It's worse than that. Lion's SMB package is buggy beyond compare.

Yeah I'm aware of that, and the reasons they ditched SAMBA. I think some wanker 
at Apple severely underestimated the clusterf|ck complexity of SMB/CIFS and 
SAMBA when they said, OK just write our own. This is what happens when you get 
lawyers and non-engineer (or green) execs making such decisions.

What I'm getting at though is 4 subversions, ~9 months availability, of a 
client operating system that *easily* thwarts Windows server security? It's 
just surprising to the point I feel like I'm missing something.


>> They've really been working on the problem for 9+ months?
> 
> Longer. Strong rumor has it that this problem, and others wrt the new SMB 
> package, have been around since the earliest Lion betas. That's heading into 
> 2 years now. 

Yeah I meant just the public domain time frame. Of course the total development 
time would be much longer. Even SAMBA on 10.6.x was old, so it's possible 
they've been working on their own implementation for a while, maybe fully 4.5 
years since that's about when SAMBA went GPLv3.

> However, it sometimes happens with Server 2008 R2 and Win7, too, so I suspect 
> that they're gonna have to actually fix this, they just don't wanna.


Microsoft has to fix this, not just Apple, right?

For Apple, this almost doesn't surprise me. Maybe it should, but come on... 
I've never taken them seriously when it comes to playing nice with foreign OS's 
or making connectivity to anything but the internet, easy or secure.

And while I'm no fan of Microsoft, this seems like it constitutes a major 
exploit. Like a design level flaw that isn't easy to fix server side or they 
probably would have done it by now.

>> How is this not a huge security hole for both the client *and* the server?
> 
> I've pointed this out. Does the phrase 'works as designed/expected' have any 
> meaning for you?

Oh...yes. A few times here and there. My retort is "then the design is flawed, 
I expect better and so should you."

I have yet to be given a followup response to that suggestion, but I have a 
tentative retort involving an introduction to seppuku just in case I do.

But seriously, I get the client fix arguments. But it seems to me the final 
blame lies with the server. Certainly it's the gatekeeper. How else could there 
possibly be secure file serving otherwise? "Here's that file you did not even 
directly ask for, and by the way you're not allowed to look at it." I'm no 
security expert by any means, but this just does not make any sense to me at 
all. What am I missing?



Chris Murphy
_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
