Vladimir JAKUBAL
2003-Jul-31  14:32 UTC
[Samba] Samba security hole as the workstation hangs
Hi,

I probably found a minor security hole (as it may be, IMHO) in my (latest) stable release of SAMBA (2.2.9a-1).

Using Win98SE, I am logging in to the Samba server. I am using root preexec and root postexec on Home shares to maintain a list of "correctly logged" users. When a Windows workstation crashes, Samba finds this out after some 5 long minutes. Until that time, although a new user logs into the same workstation, it STILL doesn't make a "POSTEXEC" operation on the previous share !!! (Still alive)

Example of current behaviour - in-out log of current Samba release (IMHO bad):

EVID [2003/07/31 15:04:20] hugo BEG z IP:195.113.84.205
(* PREEXEC -> Starting first connection, RESET at 15:06 approx.)
EVID [2003/07/31 15:07:55] hugo BEG z IP:195.113.84.205
(* PREEXEC -> Logging again to the station)
EVID [2003/07/31 15:11:29] hugo END z IP:0.0.0.0
(* POSTEXEC -> The first connection finally falls) (See @#$% lower)

I have studied log-files of previous stable versions, where the same problem ALWAYS gave "FALL" before "NEW LOG-IN". No idea how it did it or why the current one does not.

(Example of in-out log with older Samba release:)

EVID [2003/01/14 14:01:27] hugo BEG z IP:194.108.183.205
(First log-in, CRASH)
EVID [2003/01/16 14:55:35] hugo END z IP:0.0.0.0
(Huh, the comp fell down!)
EVID [2003/01/16 14:55:51] hugo BEG z IP:194.108.183.205
(And now I log-in again)

In older releases, there were ALWAYS at least 5 seconds between FALL (0.0.0.0) and the following log-in.

@#$% And, the last piece of my message, the part of the log-file talking about "Yes, the old connection is dead" @#$%

[2003/07/31 15:11:29, 0] lib/util_sock.c:read_data(436)
  read_data: read failure for 4. Error = Connection reset by peer
[2003/07/31 15:11:29, 0] lib/util_sock.c:get_socket_addr(1012)
  getpeername failed. Error was Transport endpoint is not connected
[2003/07/31 15:11:29, 0] lib/util_sock.c:get_socket_addr(1012)
  getpeername failed. Error was Transport endpoint is not connected
[2003/07/31 15:11:29, 0] lib/util_sock.c:get_socket_addr(1012)
  getpeername failed. Error was Transport endpoint is not connected
[2003/07/31 15:11:29, 0] lib/util_sock.c:get_socket_addr(1012)
  getpeername failed. Error was Transport endpoint is not connected

Please let me know your opinion and (eventually) solution. No conditions changed during the whole year, except for Samba releases.

Best regards,
Vladimir Jakubal
IT Gymnasium Jana Keplera, Prague, Czech Republic
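
An added example, not part of the original message or of Samba: a Python check over the preexec/postexec accounting log that flags every login recorded while an earlier session of the same user still had no END entry. It assumes the EVID line format shown in the post; the function and variable names are hypothetical, and the sample lines are taken from the post.

```python
import re
from datetime import datetime

# Assumed line format, as shown in the post: EVID [timestamp] user BEG|END z IP:addr
LINE = re.compile(r"EVID \[(?P<ts>[\d/]+ [\d:]+)\] (?P<user>\S+) "
                  r"(?P<ev>BEG|END) z IP:(?P<ip>\S+)")

# Sample lines taken from the post (current release, then older release).
CURRENT_RELEASE = [
    "EVID [2003/07/31 15:04:20] hugo BEG z IP:195.113.84.205",
    "EVID [2003/07/31 15:07:55] hugo BEG z IP:195.113.84.205",
    "EVID [2003/07/31 15:11:29] hugo END z IP:0.0.0.0",
]
OLDER_RELEASE = [
    "EVID [2003/01/14 14:01:27] hugo BEG z IP:194.108.183.205",
    "EVID [2003/01/16 14:55:35] hugo END z IP:0.0.0.0",
    "EVID [2003/01/16 14:55:51] hugo BEG z IP:194.108.183.205",
]

def find_overlaps(lines):
    """Report each BEG logged while an earlier session of the same user
    had no END yet, i.e. postexec had not run for the old connection."""
    open_sessions = {}  # user -> [(begin time, ip)], oldest first
    overlaps = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an accounting line (e.g. smbd's own log output)
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        user, sessions = m["user"], open_sessions.setdefault(m["user"], [])
        if m["ev"] == "BEG":
            for old_ts, old_ip in sessions:
                overlaps.append({"user": user, "stale_since": old_ts,
                                 "new_login": ts, "closed": None,
                                 "same_ip": old_ip == m["ip"]})
            sessions.append((ts, m["ip"]))
        elif sessions:
            # END lines show IP:0.0.0.0 in the post, so match on user only
            # and assume the oldest open session is the one being closed.
            old_ts, _ = sessions.pop(0)
            for o in overlaps:
                if (o["user"], o["stale_since"], o["closed"]) == (user, old_ts, None):
                    o["closed"] = ts
    return overlaps

if __name__ == "__main__":
    for name, log in (("current", CURRENT_RELEASE), ("older", OLDER_RELEASE)):
        print(name, find_overlaps(log))
```

On the post's current-release lines this reports one overlap lasting from the second BEG until the END entry; on the older-release lines it reports none.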
