On Thu, Aug 16, 2018 at 07:35:46PM +0100, Rowland Penny via samba wrote:
> > The crash only happens when a local unix group (in this case root) is
> > set as the group for the shared file.
>
> There is one very big problem with that theory, Administrator is
> mapped (in idmap.ldb) to root, so when you read 'root' on a DC, you
> can also read 'Administrator' (Which is most definitely a Domain
> user) ;-)

Whatever the case explorer.exe shouldn't crash on any data returned from the server. If it does that's a possible security flaw and you should report it immediately to Microsoft (I just fixed a similar problem with libsmbclient in our recent security release, that's why I'm sensitive to these things).

On Thu, 16 Aug 2018 11:46:01 -0700 Jeremy Allison <jra at samba.org> wrote:
> On Thu, Aug 16, 2018 at 07:35:46PM +0100, Rowland Penny via samba
> wrote:
> > > The crash only happens when a local unix group (in this case
> > > root) is set as the group for the shared file.
> >
> > There is one very big problem with that theory, Administrator is
> > mapped (in idmap.ldb) to root, so when you read 'root' on a DC, you
> > can also read 'Administrator' (Which is most definitely a Domain
> > user) ;-)
>
> Whatever the case explorer.exe shouldn't crash on any data
> returned from the server. If it does that's a possible
> security flaw and you should report it immediately to
> Microsoft (I just fixed a similar problem with libsmbclient
> in our recent security release, that's why I'm sensitive
> to these things).

Hi Jeremy, I have now made it crash!

If the group on a file is 'root' explorer turns its toes up and dies.

It is failing with exception code 0xc0000005

Rowland

The same thing happens if the group on a file is wheel or any other unix group. I also now observed that this also happens to unix users that are not mapped in idmap.ldb. For example:

    # useradd myunixuser
    # touch myfile
    # chown myunixuser myfile
    # chgrp SAMDOM\sambauser myfile

also crashes explorer.

/ Kacper

On Thu, Aug 16, 2018 at 8:55 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Thu, 16 Aug 2018 11:46:01 -0700
> Jeremy Allison <jra at samba.org> wrote:
>
> > On Thu, Aug 16, 2018 at 07:35:46PM +0100, Rowland Penny via samba
> > wrote:
> > > > The crash only happens when a local unix group (in this case
> > > > root) is set as the group for the shared file.
> > >
> > > There is one very big problem with that theory, Administrator is
> > > mapped (in idmap.ldb) to root, so when you read 'root' on a DC, you
> > > can also read 'Administrator' (Which is most definitely a Domain
> > > user) ;-)
> >
> > Whatever the case explorer.exe shouldn't crash on any data
> > returned from the server. If it does that's a possible
> > security flaw and you should report it immediately to
> > Microsoft (I just fixed a similar problem with libsmbclient
> > in our recent security release, that's why I'm sensitive
> > to these things).
>
> Hi Jeremy, I have now made it crash!
>
> If the group on a file is 'root' explorer turns its toes up and dies.
>
> It is failing with exception code 0xc0000005
>
> Rowland