Luke Leighton
1999-Nov-29 18:20 UTC
security risk with private DOMAIN.TRUST_ACCT.mac files
i have seen people reporting log files that show .mac files to be in the /etc/ directory. if these files are world-readable then there is a risk that these files can be used to compromise the security of your PDC (i.e. use them to obtain user SMB password hashes, or do a brute-force login attack). please therefore read the following carefully.

IF you have DOMAIN_NAME.TRUST_ACCT.mac files in /etc (or any other world-readable directory)

AND IF a ls -al /etc/*.mac shows that you have permissions other than rw-------, or an owner other than root,

THEN: please report, direct to myself at lkcl@samba.org and NOT to the above lists:

- exactly where you obtained samba from (part of your distribution?)
- exactly which version of samba you have (use bin/smbd -h)
- exactly which version of your operating system you have (if samba came with your distribution).

any information received will remain confidential and will enable me to report to any samba distributors that they correct their (or our :-) samba installation scripts, and to create an appropriate bugtraq report, if necessary.

if you find that these files are not root-owned or do not have the correct permissions, do this:

chown root /etc/*.mac
chmod go-rwx /etc/*.mac

IF these files are owned by root AND are not world-readable, THEN: there is no risk to the security of your Samba Domain. except of course if you don't trust root.

there is a very good reason why the samba team decided to put these files in /usr/local/samba/private (the default permissions on the private/ directory are rwx- to root only).

regards,

luke (samba team).
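The audit and fix described in the post, written out as a script. This is an added example, not code from the post or from the Samba project. It assumes the file list and the expected owner are passed as parameters (so it can be pointed at /etc, at /usr/local/samba/private, or at a scratch directory), that `ls -ld` prints the ten-character mode string first and the owner as the third field, and that "correct permissions" means the group and other bits are all off (rw------- or rwx------, which is what `chmod go-rwx` leaves behind).

```shell
#!/bin/sh
# Added example, not part of the original post: audit Samba
# DOMAIN.TRUST_ACCT.mac files for the two conditions the post names
# (owner must be root, group/other permission bits must all be off) and
# optionally apply the post's remedy: chown root + chmod go-rwx.
#
# Assumptions (mine): `ls -ld FILE` prints the mode string as the first
# field (a trailing "+" or "." for ACLs/SELinux is dropped) and the owner
# as the third field.

# mac_file_status FILE [OWNER]
# Prints "ok", "owner", "perms" or "owner+perms"; returns 0 only for "ok".
mac_file_status() {
    file=$1
    want_owner=${2:-root}
    out=$(ls -ld "$file" 2>/dev/null) || return 2
    set -- $out
    mode=$(printf '%s\n' "$1" | cut -c1-10)   # e.g. -rw-r--r--
    owner=$3
    problems=""
    [ "$owner" = "$want_owner" ] || problems="owner"
    # positions 5-10 of the mode string are the group and other bits;
    # any r/w/x there means the file is not private to its owner.
    case "$mode" in
        ????------) ;;
        *) problems="${problems:+$problems+}perms" ;;
    esac
    if [ -z "$problems" ]; then
        echo ok
        return 0
    fi
    echo "$problems"
    return 1
}

# audit_mac_files DIR [OWNER] [fix]
# Reports every *.mac file in DIR that fails the check. With a third
# argument of "fix", applies the post's remedy in place. Returns 1 if any
# file was found insecure, 0 otherwise.
audit_mac_files() {
    dir=$1
    want_owner=${2:-root}
    bad=0
    for f in "$dir"/*.mac; do
        [ -e "$f" ] || continue          # unmatched glob stays literal
        status=$(mac_file_status "$f" "$want_owner") && continue
        bad=$((bad + 1))
        echo "INSECURE: $f ($status): $(ls -ld "$f")"
        if [ "$3" = fix ]; then
            chown "$want_owner" "$f" || echo "chown failed on $f (not root?)"
            chmod go-rwx "$f"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage: check the two locations the post mentions; append "fix" to the
# second argument list (e.g. audit_mac_files /etc root fix) to repair.
audit_mac_files /etc root
audit_mac_files /usr/local/samba/private root
```

The owner is a parameter rather than hard-coded "root" only so the check can be exercised on files you own; in production leave it as root, as the post says, and run the fix as root.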