On 29 Feb 2012, at 19:25 , Chris Murphy <[email protected]> wrote:
> On Feb 29, 2012, at 4:44 PM, Charles Dyer wrote:
>
>> On 29 Feb 2012, at 17:51 , Chris Murphy <[email protected]> wrote:
>>
>>> This behavior occurring on all current versions of 10.7.x, i.e. 10.7.0
>>> through 10.7.3?
>>
>> It's worse than that. Lion's SMB package is buggy beyond compare.
>
> Yeah I'm aware of that, and the reasons they ditched SAMBA. I think some
> wanker at Apple severely underestimated the clusterf|ck complexity of
> SMB/CIFS and SAMBA when they said, OK just write our own. This is what
> happens when you get lawyers and non-engineer (or green) execs making such
> decisions.
>
> What I'm getting at though is 4 subversions, ~9 months availability, of a
> client operating system that *easily* thwarts Windows server security? It's
> just surprising to the point I feel like I'm missing something.

I'm not at all surprised. Depressed, now...

>>> They've really been working on the problem for 9+ months?
>>
>> Longer. Strong rumor has it that this problem, and others wrt the new SMB
>> package, have been around since the earliest Lion betas. That's heading into
>> 2 years now.
>
> Yeah I meant just the public domain time frame. Of course the total
> development time would be much longer. Even SAMBA on 10.6.x was old, so it's
> possible they've been working on their own implementation for a while, maybe
> fully 4.5 years since that's about when SAMBA went GPLv3.

It doesn't show.

>> However, it sometimes happens with Server 2008 R2 and Win7, too, so I
>> suspect that they're gonna have to actually fix this, they just don't wanna.
>
> Microsoft has to fix this, not just Apple, right?

That's not going to happen. Server 2003 and WinXP are EOL, Redmond is _not_ going to fix any major problems with them. Period. Minor problems, maybe, but nothing which will require serious work. They're too busy with Metrosexual... ah, Win8.

> For Apple, this almost doesn't surprise me. Maybe it should, but come on...
> I've never taken them seriously when it comes to playing nice with foreign
> OS's or making connectivity to anything but the internet, easy or secure.

They don't care. It's that simple.

> And while I'm no fan of Microsoft, this seems like it constitutes a major
> exploit. Like a design level flaw that isn't easy to fix server side or they
> probably would have done it by now.

That's how I see it.

>>> How is this not a huge security hole for both the client *and* the server?
>>
>> I've pointed this out. Does the phrase 'works as designed/expected' have any
>> meaning for you?
>
> Oh...yes. A few times here and there. My retort is "then the design is
> flawed, I expect better and so should you."
>
> I have yet to be given a followup response to that suggestion, but I have a
> tentative retort involving an introduction to seppuku just in case I do.
>
> But seriously, I get the client fix arguments. But it seems to me the final
> blame lies with the server. Certainly it's the gatekeeper. How else could
> there possibly be secure file serving otherwise? "Here's that file you did
> not even directly ask for, and by the way you're not allowed to look at it."
> I'm no security expert by any means, but this just does not make any sense to
> me at all. What am I missing?

The basic flaw appears to be due to Redmond. Lion just revealed the problem.

_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
