Oleg Noskov
2002-May-16 10:50 UTC
[Samba] Samba [2.2.3a-6] printing: looks like a major security hole?
Hello, We're running Samba 2.2.3a-6 on Debian (Woody). With security level set to "share" we share a local printer and everything works. Now I'm trying to impose access restrictions on that printer: ----------------------------------- [global] security=share printing=cups printcap name=cups ... [myprinter] browseable=no path=/tmp public=no printable=yes writable=no valid users=user1 ----------------------------------- Testing this from another Samba box works OK: only user1 can successfully print. Now guess what... I try to print from Win2K box logged in as another user. It prints :( How is Win2K able to bypass Samba security here? Isn't it a major security hole? Thanks, Oleg Noskov Xandros Corp.
Gerald Carter
2002-May-16 12:30 UTC
[Samba] Samba [2.2.3a-6] printing: looks like a major security hole?
On Thu, 16 May 2002, Oleg Noskov wrote:> Hello, > > We're running Samba 2.2.3a-6 on Debian (Woody).Please try to reproduce against 2.2.4. Also a debug level 10 log of the session would be most helpful. You can send it to me off list to save noise. Thanks. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--