I just compiled and installed 2.0.6 and fired up SWAT. SWAT's security is
much different from previous versions, where a user with only read
permission could use it, but without the commit changes and delete buttons.
With 2.0.6 if you can't write globals or shares, you can't see them and
don't even get the share or global navigation buttons. Anyone who can see
the global or share screens can write (or overwrite) them.
I liked the old way, where I could log in as an unpriveleged user and know
I could look but not touch.
So I put it back the way it was. In swat.c, static void
show_main_buttons(void), there is the following code:
if (have_write_access) {
image_link("Globals", "globals",
"images/globals.gif");
image_link("Shares", "shares",
"images/shares.gif");
image_link("Printers", "printers",
"images/printers.gif");
}
if (have_read_access) {
image_link("Status", "status",
"images/status.gif");
image_link("View Config",
"viewconfig","images/viewconfig.gif");
}
I moved all 3 lines from the have_write_access condition to the
have_read_access condition, and since the have_write_access condition now
had no statements, I deleted its if statement. I recompiled and reinstalled
swat, fired up swat, and it acted the same way as previous versions -- if
you have no write permission for smb.conf you can see globals, shares and
printers, but you have no commit changes or delete buttons.
Have I committed some kind of security gaffe?
Thanks
Steve Litt
