15852 – ‘no secrets’ backups contain confidential attributes and KDS root keys

Bug 15852 - ‘no secrets’ backups contain confidential attributes and KDS root keys

Summary: ‘no secrets’ backups contain confidential attributes and KDS root keys

Status:	ASSIGNED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Tools (show other bugs)
Version:	4.22.1
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Jennifer Sutton
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-04-21 23:38 UTC by Jennifer Sutton
Modified:	2025-04-22 02:08 UTC (History)
CC List:	0 users

See Also:	https://gitlab.com/samba-team/samba/-/merge_requests/3934

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jennifer Sutton 2025-04-21 23:38:34 UTC

“Lab domains” and other backups without secrets will still contain confidential attributes (e.g. BitLocker keys) and, most importantly, the KDS root keys. These should be filtered out.

Format For Printing
- XML
- Clone This Bug
- Top of page