The branch, master has been updated
via 18e1322 ntp_signd: Only allow group access to the ntp signd
directory.
via 77bd7ea ntp_signd: move socket directory to var/lib not var/run for
permissions change
from e0ab14f s4:dsdb/acl_read: make sure confidential attributes require
CONTROL_ACCESS (bug #8620)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 18e13224eb75349fc9790f20aab125f485979760
Author: Andrew Bartlett <[email protected]>
Date: Sun Nov 11 21:32:22 2012 +1100
ntp_signd: Only allow group access to the ntp signd directory.
Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (eg
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)
The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.
Permissions should be changed to:
ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)
If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed. As the error
is declared fatal, in the future, Samba may totally refused to start.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
Autobuild-User(master): Michael Adam <[email protected]>
Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
commit 77bd7ea1664514a8988941d454fc621c7f0943d1
Author: Andrew Bartlett <[email protected]>
Date: Mon Nov 12 08:44:02 2012 +1100
ntp_signd: move socket directory to var/lib not var/run for permissions
change
With the next patch, this becomes a socket directory on which we must
maintain administrator-specified permissions we will need to move it
away from directories that wipe at boot.
This means the ntp.conf will need to change from (eg)
ntpsigndsocket /usr/local/samba/var/run/ntp_signd/
to
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
Andrew Bartlett
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
dynconfig/wscript | 4 ++--
source4/ntp_signd/ntp_signd.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 44e8f19..d1c7a00 100755
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -226,8 +226,8 @@ dynconfig = {
'DELAY': True,
},
'NTP_SIGND_SOCKET_DIR' : {
- 'STD-PATH': '${SOCKET_DIR}/ntp_signd',
- 'FHS-PATH': '${SOCKET_DIR}/ntp_signd',
+ 'STD-PATH': '${PRIVILEGED_SOCKET_DIR}/ntp_signd',
+ 'FHS-PATH': '${PRIVILEGED_SOCKET_DIR}/ntp_signd',
'DELAY': True,
},
'NCALRPCDIR' : {
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index 1de9cc3..0c3899f 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -498,7 +498,7 @@ static void ntp_signd_task_init(struct task_server *task)
const char *address;
- if
(!directory_create_or_exist(lpcfg_ntp_signd_socket_directory(task->lp_ctx),
geteuid(), 0755)) {
+ if
(!directory_create_or_exist(lpcfg_ntp_signd_socket_directory(task->lp_ctx),
geteuid(), 0750)) {
char *error = talloc_asprintf(task, "Cannot create NTP signd
pipe directory: %s",
lpcfg_ntp_signd_socket_directory(task->lp_ctx));
task_server_terminate(task,
--
Samba Shared Repository
