Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (cepheus)
ADMIN$ IPC IPC Service (cepheus)
zeisberg Disk Home Directories
Domain=3D[CEPHEUS] OS=3D[Unix] Server=3D[Samba 3.0.7-Debian]
Server Comment
--------- -------
Workgroup Master
--------- -------
MALIBU CEPHEUS
root@cepheus:~# mountpoint /mnt
/mnt is not a mountpoint
root@cepheus:~# mount -t cifs //127.0.0.1/man /mnt -o user=3Dzeisberg
Password:
root@cepheus:~# mountpoint /mnt
/mnt is a mountpoint
root@cepheus:~# mount | grep cifs
//127.0.0.1/man on /mnt type cifs (rw,mand)
root@cepheus:~# ls /mnt
X11R6 cat2 cat4 cat6 cat8 fsstnd local
cat1 cat3 cat5 cat7 cat9 index.db opt
root@cepheus:~# touch /var/cache/man/isitthisdir
root@cepheus:~# ls /mnt
X11R6 cat2 cat4 cat6 cat8 fsstnd isitthisdir opt
cat1 cat3 cat5 cat7 cat9 index.db local
root@cepheus:~# egrep -v '^ *([#;].*)?$' /etc/samba/smb.conf
[global]
workgroup =3D malibu
server string =3D %h
wins support =3D no
dns proxy =3D no
log file =3D /var/log/samba/log.%m
max log size =3D 1000
syslog =3D 0
panic action =3D /usr/share/samba/panic-action %d
security =3D user
encrypt passwords =3D true
passdb backend =3D tdbsam guest
obey pam restrictions =3D yes
invalid users =3D root
passwd program =3D /usr/bin/passwd %u
passwd chat =3D *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\sp=
assword:* %n\n .
[homes]
comment =3D Home Directories
browseable =3D no
writable =3D yes
create mask =3D 0700
directory mask =3D 0700
=66rom the logs:
[2004/11/14 13:55:59, 1] smbd/service.c:make_connection_snum(648)
127.0.0.1 (127.0.0.1) connect to service man initially as user zeisberg (=
uid=3D1000, gid=3D100) (pid 3373)
This attracted my attention while a WinXP-Box showed apart from my
homedir the directory 'man at cepheus'.
This is not too dangerous in my case, because is seems/is read-only,
there is no precious data in this location and there is no internet
connection. But maybe there are other cases and machines, where there
could be done (more) harm.
I don't know what addional information I could add to this report. Until
now I can reproduce this, so let me know, if you need more information.
Tell me please, if I should try upgrading to samba/unstable, too.
Regards
Uwe
--=20
Uwe Zeisberger
Set the I_WANT_A_BROKEN_PS environment variable to force BSD syntax ...
-- manpage of procps
Versions of packages samba depends on:
ii debconf [debconf-2.0] 1.4.40 Debian configuration managemen=
t sy
ii libacl1 2.2.23-1 Access control list shared lib=
rary
ii libc6 2.3.2.ds1-18 GNU C Library: Shared librarie=
s an
ii libcomerr2 1.35-6 The Common Error Description l=
ibra
ii libcupsys2-gnutls10 1.1.20final+rc1-10 Common UNIX Printing System(tm=
) -
ii libkrb53 1.3.4-4 MIT Kerberos runtime libraries
ii libldap2 2.1.30-3 OpenLDAP libraries
ii libpam-modules 0.76-22 Pluggable Authentication Modul=
es f
ii libpam-runtime 0.76-22 Runtime support for the PAM li=
brar
ii libpam0g 0.76-22 Pluggable Authentication Modul=
es l
ii libpopt0 1.7-5 lib for parsing cmdline parame=
ters
ii logrotate 3.7-2 Log rotation utility
ii netbase 4.19 Basic TCP/IP networking system
ii samba-common 3.0.7-2 Samba common files used by bot=
h th
Message-ID: <email address hidden>
Date: Mon, 15 Nov 2004 11:16:06 +0100
From: Uwe Zeisberger <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: can mount a non-shared directory
--vtzGhvizbBRQ85DL Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Package: samba
Version: 3.0.7-2
Severity: critical
Tags: security
Hello,
I don't have investigated much (yet), but see the following alarming
transscript:
root@cepheus:~# smbclient -L 127.0.0.1 -U zeisberg
Password:
Domain=3D[CEPHEUS] OS=3D[Unix] Server=3D[Samba 3.0.7-Debian]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (cepheus)
ADMIN$ IPC IPC Service (cepheus)
zeisberg Disk Home Directories
Domain=3D[CEPHEUS] OS=3D[Unix] Server=3D[Samba 3.0.7-Debian]
Server Comment
--------- -------
Workgroup Master
--------- -------
MALIBU CEPHEUS
root@cepheus:~# mountpoint /mnt
/mnt is not a mountpoint
root@cepheus:~# mount -t cifs //127.0.0.1/man /mnt -o user=3Dzeisberg
Password:
root@cepheus:~# mountpoint /mnt
/mnt is a mountpoint
root@cepheus:~# mount | grep cifs
//127.0.0.1/man on /mnt type cifs (rw,mand)
root@cepheus:~# ls /mnt
X11R6 cat2 cat4 cat6 cat8 fsstnd local
cat1 cat3 cat5 cat7 cat9 index.db opt
root@cepheus:~# touch /var/cache/ man/isitthisdir
root@cepheus:~# ls /mnt
X11R6 cat2 cat4 cat6 cat8 fsstnd isitthisdir opt
cat1 cat3 cat5 cat7 cat9 index.db local
root@cepheus:~# rm /mnt/isitthisdir
rm: cannot remove `/mnt/isitthisdir': Permission denied
root@cepheus:~# egrep -v '^ *([#;].*)?$' /etc/samba/smb.conf samba/log. %m samba/panic- action %d snew\sUNIX\ spassword: * %n\n *Retype\ snew\sUNIX\ sp=
[global]
workgroup =3D malibu
server string =3D %h
wins support =3D no
dns proxy =3D no
log file =3D /var/log/
max log size =3D 1000
syslog =3D 0
panic action =3D /usr/share/
security =3D user
encrypt passwords =3D true
passdb backend =3D tdbsam guest
obey pam restrictions =3D yes
invalid users =3D root
passwd program =3D /usr/bin/passwd %u
passwd chat =3D *Enter\
assword:* %n\n .
[homes]
comment =3D Home Directories
browseable =3D no
writable =3D yes
create mask =3D 0700
directory mask =3D 0700
=66rom the logs: c:make_ connection_ snum(648)
[2004/11/14 13:55:59, 1] smbd/service.
127.0.0.1 (127.0.0.1) connect to service man initially as user zeisberg (=
uid=3D1000, gid=3D100) (pid 3373)
This attracted my attention while a WinXP-Box showed apart from my
homedir the directory 'man at cepheus'.
This is not too dangerous in my case, because is seems/is read-only,
there is no precious data in this location and there is no internet
connection. But maybe there are other cases and machines, where there
could be done (more) harm.
I don't know what addional information I could add to this report. Until
now I can reproduce this, so let me know, if you need more information.
Tell me please, if I should try upgrading to samba/unstable, too.
Regards
Uwe
--=20
Uwe Zeisberger
Set the I_WANT_A_BROKEN_PS environment variable to force BSD syntax ...
-- manpage of procps
-- System Information: 3Den_US. UTF-8 (charmap=3DUTF-8)
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANGC, LC_CTYPE=
Versions of packages samba depends on:
ii debconf [debconf-2.0] 1.4.40 Debian configuration managemen=
t sy
ii libacl1 2.2.23-1 Access control list shared lib=
rary
ii libc6 2.3.2.ds1-18 GNU C Library: Shared librarie=
s an
ii libcomerr2 1.35-6 The Common Error Description l=
ibra
ii libcupsys2-gnutls10 1.1.20final+rc1-10 Common UNIX Printing System(tm=
) -
ii libkrb53 1.3.4-4 MIT Kerberos runtime libraries
ii libldap2 2.1.30-3 OpenLDAP libraries
ii libpam-modules 0.76-22 Pluggable Authentication Modul=
es f
ii libpam-runtime 0.76-22 Runtime support for the PAM li=
brar
ii libpam0g 0.76-22 Pluggable Authentication Modul=
es l
ii libpopt0 1.7-5 lib for parsing cmdline parame=
ters
ii logrotate 3.7-2 Log rotation utility
ii netbase 4.19 Basic TCP/IP networking system
ii samba-common 3.0.7-2 Samba common files used by bot=
h th
-- debconf information: nmbd_from_ inetd: log_files_ moved: smbpasswd: true
samba/
* samba/run_mode: daemons
samba/
samba/tdbsam: false
* samba/generate_
--vtzGhvizbBRQ85DL pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
iD8DBQFBmIHm6su MTIUe0hYRApbXAK ClDhdISlolJZNx7 AcwfLM1ZYb/ FQCgupnc Doykff7c=
F3hmC1NNGqRveKL
=v4+d
-----END PGP SIGNATURE-----
--vtzGhvizbBRQ8 5DL--