Bug 7298 - privilege problem
Summary: privilege problem
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: User & Group Accounts
Version: 3.4.0
Hardware: x64 Linux
Importance: P3 critical
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2010-03-25 23:59 UTC by Bill Deng
Modified: 2010-03-26 01:52 UTC
Description Bill Deng 2010-03-25 23:59:53 UTC
Hi all, I have a critical problem with privileges.

I run smbd 3.4 on my Ubuntu Server 9.10. It works fine with Linux, but when users log in from Windows systems, they can overwrite files they don't have the privilege to change (write).

For example, there is a file named a.txt. By design, user b can read the file b but cannot change it (write). In my situation, when user b opens file a.txt, he cannot save any changes to the file, and he cannot delete the file either. The system will deny these actions, as it should. The problem is, USER B CAN REPLACE FILE a.txt WITH A TOTALLY DIFFERENT FILE BY A "PASTE" ACTION! I mean, user b can have a file with totally different contents but the same file name (a.txt in this example). He can copy that file from some other folder and paste it into the directory that contains a.txt. Windows will warn that the folder already contains a file named "a.txt" and ask whether you really want to overwrite it. Then user b clicks the "Yes" button, and THE FILE IS CHANGED!!!
I have tested on Windows XP and 2003. This happens regardless of whether the user is an administrator or a common user.

Any comments?

Kind regards,

Bill Deng
Comment 1 Volker Lendecke 2010-03-26 01:33:07 UTC
Very likely you're seeing the security problem we fixed with Samba 3.4.7.

http://www.samba.org/samba/history/samba-3.4.7.html

Please upgrade to that version.

Thanks,

Volker
Comment 2 Bill Deng 2010-03-26 01:52:30 UTC
Thank you, Volker.

Bill