Re: Samba fixes

[Michael C Thompson <thompsmc@us.ibm.com>]

Daniel J Walsh wrote:
> Michael C Thompson wrote:
>> Daniel J Walsh wrote:
>>> I have been working heavily with the samba team here to get selinux 
>>> policy working well with samba.
>>>
>>>
>>> Most controversial part is
>>> samba_unconfined_script_exec_t
>>>
>>> Which is a directory that administrators can put random scripts into 
>>> and allow samba to execute.
>>
>> So, three questions:
>> 1) What user would be executing these scripts? The 'samba' user?
> Samba Developers say:
> 
> Either the authenticated user or root, it really depends on the script.
> 
> For example, a "preexec" script is run before the share is accessed as
> the user that authenticated to samba (or the forced user as per "force
> user" parameter), while a "root preexec" script would always be run as
> root. Other scripts always run as root or always as auth user depending
> on the action to be performed (ie add user scripts always run as root,
> while print related stuff should always run as user).
> 
>>
>> 2) What is the intention of such functionality? To have samba be able 
>> to run file management tools or something?
>> 3) Is supporting this functionality even a good idea?
> As opposed to setenforce 0/or samba_disable_trans?

That might be better than running with a false sense of security :) Even 
though this is an "administrative restricted" set of scripts, if an 
attacker could place malicious scripts in the directory, then permitting 
samba to exec them as root could be an avenue of attack.


My original point was simply that if its so controversial, that might 
beg the question "is offering this functionality a good idea, in the 
first place?".

Mike

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.