Bug 5715 - ldb creates world-writable (== potentially exploitable) databases by default
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Domain Control
Version: 3.2.2
Hardware: All All
Importance: P3 regression
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL: http://bugs.debian.org/496073
Reported: 2008-08-23 20:11 UTC by Steve Langasek
Modified: 2011-03-17 16:43 UTC

Attachments
proposed patch (748 bytes, patch)
2008-08-26 01:48 UTC, Karolin Seeger
better patch (903 bytes, patch)
2008-08-27 03:52 UTC, Karolin Seeger

Description Steve Langasek 2008-08-23 20:11:17 UTC
A Debian user has reported that group_mappings.ldb is created world-writeable by default in samba 3.2. I can confirm this on my system; it appears that all ldb files (of which group_mapping may be the only one, currently?) are created by default with permissions of 0666.

source/lib/ldb/common/ldb.c:

struct ldb_context *ldb_init(void *mem_ctx)
{
    [...]
    ldb_set_create_perms(ldb, 0666);
}

I'm pretty sure that it shouldn't be allowed for all local users to modify the group mapping database, as this lets users assume any group privileges that they want to...

I think the correct fix is to use 0644 instead of 0666 as the default permissions.
Comment 1 Karolin Seeger 2008-08-25 03:52:44 UTC
Thanks for the report!

Very likely, we will see a security release soon.
Comment 2 Simo Sorce 2008-08-25 11:00:58 UTC
The default should be 600; ldb relies on locking, and leaving the file readable can be exploited as a DoS by read-locking the whole file.
Comment 3 Jeremy Allison 2008-08-25 20:23:23 UTC
Thanks for catching this Steve, I think the correct fix is to force this to 600.
Jeremy.
Comment 4 Karolin Seeger 2008-08-26 01:48:22 UTC
Created attachment 3506
proposed patch
Comment 5 Steve Langasek 2008-08-26 12:30:29 UTC
CVE-2008-3789 has been assigned for this issue.
Comment 6 Karolin Seeger 2008-08-27 03:51:03 UTC
Comment on attachment 3506
proposed patch

This patch only affects the creation of new ldb files.
Comment 7 Karolin Seeger 2008-08-27 03:52:10 UTC
Created attachment 3509
better patch

This patch also fixes the permissions of existing ldb files.
Comment 8 Karolin Seeger 2008-08-27 06:21:06 UTC
Comment on attachment 3506
proposed patch

Both patches are needed to fix the issue properly.
Comment 9 Karolin Seeger 2008-08-28 01:07:00 UTC
Fixed with 3.2.3.
Closing out bug report.

Thanks for the report!
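
The two halves of the fix discussed in this thread (0600 for newly created files, and tightening files that were already created 0666), shown as an added C example that is not part of the bug report and is not the Samba patch. The names open_private_db and db_mode and the file name example.ldb are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define DB_MODE 0600 /* owner read/write only, the value agreed in the thread */

/* Hypothetical helper (not a Samba/ldb function): open or create a database
 * file and guarantee it ends up 0600. Returns an fd, or -1 with errno set. */
int open_private_db(const char *path)
{
    struct stat st;
    int saved;
    /* New file: ask for 0600 explicitly; the umask can only clear bits. */
    int fd = open(path, O_RDWR | O_CREAT, DB_MODE);
    if (fd < 0)
        return -1;
    /* Existing file: open() ignores the mode argument, so a database created
     * 0666 by an older build stays 0666 unless it is tightened here. Use the
     * descriptor so the check and the chmod act on the same file. */
    if (fstat(fd, &st) == 0 &&
        ((st.st_mode & 07777) == DB_MODE || fchmod(fd, DB_MODE) == 0))
        return fd;
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

/* Permission bits of path, or -1 on error. */
int db_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "example.ldb"; /* constructed name */
    int fd = open_private_db(path);
    if (fd < 0) { perror(path); return 1; }
    close(fd);
    printf("%s mode %04o\n", path, (unsigned)db_mode(path));
    return 0;
}
```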