Bug 4812 - escape_shell_string in smbrun will cause preexec to fail
Summary: escape_shell_string in smbrun will cause preexec to fail
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.25b
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-24 10:43 UTC by Peter Daum
Modified: 2008-02-11 13:17 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Daum 2007-07-24 10:43:57 UTC
For a long time, samba has included options like "preexec=", "postexec=" ...
to specify shell commands to be executed when connecting to a share.

Around Samba 3.0.25, lib/smbrun.c was changed to quote everything except regular
characters before passing it on to the shell. I am not sure where else smbrun
is called and how much sense this change makes elsewhere (presumably for security
reasons) put at least the documentation for "preexec" still implies that its
value may be any shell command. With a configuration that makes use of these
features, this change may cause severe but difficult to find malfunctions after
an upgrade from a previous samba version. If it has to be (at least in this 
context I can't see much security gain because the command to be executed is
from a configuration file and normally not dependant on any user input), at
least a warning in the release notes and in the documentation would be appropriate.
Comment 1 Jeremy Allison 2008-02-11 13:17:35 UTC
Sorry, not going to fix this in the code due to security reasons. I'll make sure the docs get updated.
Jeremy.