On Wed, 2005-03-23 at 21:45 +0000, [EMAIL PROTECTED] wrote:
> Author: jra
> Date: 2005-03-23 21:45:46 +0000 (Wed, 23 Mar 2005)
> New Revision: 6008
> 
> WebSVN: 
> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6008
> 
> Log:
> Add privilege check for SE_DISK_OP (is this the right privilege?)

No, I don't think this is the right privilege, and honestly I do not
think we really need a privilege here yet.

The message sent with message_send_pid will be rejected if you are not
root so there is no harm with this function afaik.

Can we revert this change? I will add a proper privilege wrapper
function when we want to extend it to let users other than root use
the function.

> before allowing users to shut down any sessions.
> Simo - please check security before allowing state changes. Please
> review this change.

Done yet. If you test with a regular user, you will see that
message_send_pid will fail and you get back WERR_ACCESS_DENIED.

Tested trying to kill other sessions when connected as a normal user
through server manager.

Simo.

-- 
Simo Sorce    -  [EMAIL PROTECTED]
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it
