Mike
2010-Mar-09 20:48 UTC
[Secure-testing-team] Bug#573223: samba: ignores file/directory permissions on the host
Package: samba
Version: 2:3.4.6~dfsg-1
Severity: grave
Tags: security
Justification: user security hole

I have this in smb.conf (only including the relevant bits):

[global]
...
security = user
follow symlinks = yes
wide links = yes
unix extensions = no

[shared]
comment = Shared file space
path = /shared
read only = No

In /shared are the following:

lrwxrwxrwx 1 root   root        9 2009-04-07 22:25 backedup -> /backedup
-rw-r--r-- 1 mike   mike   817480 2008-11-22 12:53 DryRetreiver.wmv
drwxr-xr-x 2 kirsty kirsty   4096 2010-03-09 20:22 kirsty
-rwxr--r-- 1 mike   mike    16999 2009-09-30 19:15 KirstyCarLoan.ods
drwxr-xr-x 2 mike   mike     4096 2010-01-06 19:45 LegoInstructions
drwxr-xr-x 2 mike   mike     4096 2010-03-03 16:59 LinInstallers
drwx------ 2 root   root     4096 2008-08-13 19:57 lost+found
drwxr-x--- 3 mike   mike     4096 2010-03-09 19:42 mike

This server is accessed only from Windows clients (the same directories are shared via NFS for the Unix clients). I found I had to add the follow symlinks, wide links and unix extensions options in order for \\server\shared\backedup\ to remain accessible last time samba was upgraded. The problem remains even if these options are removed.

The problem is that user 'mike' can now WRITE to (and read from) \\server\shared\kirsty and \\server\shared\lost+found. This means any user can read/write to any other user's data. The unix file permissions should prevent this happening.

I also have a [homes] share, which seems to be working correctly - users can only browse to their own directories.
-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser                3.112              add and remove users and groups
ii  debconf [debconf-2.0]  1.5.28             Debian configuration management sy
ii  libacl1                2.2.49-2           Access control list shared library
ii  libattr1               1:2.4.44-1         Extended attribute shared library
ii  libc6                  2.10.2-6           Embedded GNU C Library: Shared lib
ii  libcap2                1:2.17-2           support for getting/setting POSIX.
ii  libcomerr2             1.41.10-1          common error description library
ii  libcups2               1.4.2-4            Common UNIX Printing System(tm) -
ii  libgnutls26            2.8.5-2            the GNU TLS library - runtime libr
ii  libgssapi-krb5-2       1.8+dfsg~alpha1-7  MIT Kerberos runtime libraries - k
ii  libk5crypto3           1.8+dfsg~alpha1-7  MIT Kerberos runtime libraries - C
ii  libkrb5-3              1.8+dfsg~alpha1-7  MIT Kerberos runtime libraries
ii  libldap-2.4-2          2.4.17-2.1         OpenLDAP libraries
ii  libpam-modules         1.1.1-2            Pluggable Authentication Modules f
ii  libpam-runtime         1.1.1-2            Runtime support for the PAM librar
ii  libpam0g               1.1.1-2            Pluggable Authentication Modules l
ii  libpopt0               1.15-1             lib for parsing cmdline parameters
ii  libtalloc2             2.0.1-1            hierarchical pool based memory all
ii  libwbclient0           2:3.4.6~dfsg-1     Samba winbind client library
ii  lsb-base               3.2-23             Linux Standard Base 3.2 init scrip
ii  procps                 1:3.2.8-7          /proc file system utilities
ii  samba-common           2:3.4.6~dfsg-1     common files used by both the Samb
ii  update-inetd           4.36               inetd configuration file updater
ii  zlib1g                 1:1.2.3.4.dfsg-3   compression library - runtime

Versions of packages samba recommends:
ii  logrotate              3.7.8-4            Log rotation utility

Versions of packages samba suggests:
pn  ctdb                   <none>             (no description available)
pn  ldb-tools              <none>             (no description available)
ii  openbsd-inetd [inet-superse  0.20080125-4  The OpenBSD Internet Superserver
pn  smbldap-tools          <none>             (no description available)

-- debconf information:
  samba/run_mode: daemons
  samba/generate_smbpasswd: true
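As an added example (not part of the bug report and not Samba's own code), a small Python audit that resolves, per share, the effective values of the three symlink options quoted in the report ("follow symlinks", "wide links", "unix extensions") by applying share settings over [global] over an assumed set of built-in defaults, and flags shares where a symlink under the share path can resolve to a location outside it. The smb.conf text is a constructed fragment modelled on the report, and the DEFAULTS table is an assumption to be checked against your own build with `testparm -v`.

```python
import configparser
# Constructed smb.conf modelled on the bug report (an assumption, not the reporter's file).
SMB_CONF = """\
[global]
follow symlinks = yes
wide links = yes
unix extensions = no

[shared]
path = /shared
read only = No

[homes]
read only = No
wide links = no
"""

# Assumed built-in defaults for options set in neither the share nor [global]; check `testparm -v`.
DEFAULTS = {"follow symlinks": "yes", "wide links": "no", "unix extensions": "yes"}

def parse_smb_conf(text):
    # smb.conf is INI-like; option names are case-insensitive and may repeat.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def effective(cp, share, option):
    # Share-level value wins, then [global], then the assumed default.
    for section in (share, "global"):
        if cp.has_option(section, option):
            return cp.get(section, option)
    return DEFAULTS[option]

def audit(text):
    # Resolve the symlink options per share and flag the combination
    # (follow symlinks + wide links) that lets a symlink resolve outside the share path.
    cp = parse_smb_conf(text)
    unix_ext = is_yes(effective(cp, "global", "unix extensions"))  # global-only option
    report = {}
    for share in cp.sections():
        if share == "global":
            continue
        follow = is_yes(effective(cp, share, "follow symlinks"))
        wide = is_yes(effective(cp, share, "wide links"))
        report[share] = {"follow symlinks": follow, "wide links": wide,
                         "unix extensions": unix_ext, "symlink can leave share": follow and wide}
    return report
```

Feed it the output of `testparm -s` rather than the raw file so that includes and Samba's own normalisation are already applied.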