[Pkg-samba-maint] Bug#425391: [Fwd: Re: Bug#425391: Patch/bug fix for CVE-2007-2447 breaks the use of ; ]

Christian Perrier bubulle at debian.org
Tue May 22 06:17:56 UTC 2007


Forwarding this formerly private mail.

Other maintainers, advice? I think that going the way to sanity check
configuration files is a dangerous slope...

-------- Original Message --------
Subject: Re: Bug#425391: Patch/bug fix for CVE-2007-2447 breaks the use of ;
Date: Tue, 22 May 2007 08:10:31 +0200
From: Arno van Amersfoort <a.c.j.van.amersfoort at eld.physics.leidenuniv.nl>
To: Christian Perrier <bubulle at debian.org>
References: <465190A7.2060600 at eld.physics.leidenuniv.nl>
<20070521162600.GB11034 at kheops.homeunix.org>

Thanks for your reply, one further comment surrounding this issue:
Shouldn't "/etc/init.d/samba start" or testparm at least generate a
warning that characters were used that are not allowed, instead of
silently replacing them with spaces, which in my case caused my whole
filesystem to be polluted with chmod, chown etc. (because the first
statement was mkdir)?

Christian Perrier wrote:
> tags 425391 wontfix
> thanks
>
>   
>> After some debugging I discovered that a strange problem I experienced 
>> was caused by the patched code added in Samba 3.0.14a-3sarge for 
>> CVE-2007-2447 (Remote Command Injection Vulnerability). It is now no 
>> longer possible to use the ";" character in options like "preexec = " & 
>> "postexec =" causing the use of i.e. (in my case) "root preexec = mkdir 
>> -p /home/software/Recycle; chown root:admins /home/software/.Recycle" to 
>> be executed as "root preexec = mkdir -p /home/software/Recycle chown 
>> root:admins /home/software/.Recycle" (The semicolon disappears!).
>>
>> As far as I can see now, it also breaks the use of (in my case) "passwd 
>> program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh"
>>
>> This new unexpected behaviour can possibly break a lot of setups! I 
>> think the easiest solution is to add the ";" (and possibly also & and |) 
>> to #define INCLUDE_LIST 
>> "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"
>>     
>
>
> Upstream has admitted that these sanity checks may have consequences
> on existing setups but that would be the price to pay for increased
> security.
>
> Jeremy Allison on samba at lists.d.o:
>
>   
>> Yes it is I'm afraid. We now sanitize completely any
>> shell meta-characters to avoid any security issues
>> with user generated input being passed to a shell.
>>     
>
>   
>> I was a little worried this might break some existing
>> setups but this is the first report I've had, and believe
>> me security problems are worse than breaking setups :-).
>>     
>
>
> jra again:
>
>
>   
>> Rather than putting executable shell script in smb.conf,
>> move this into a file as a shell script and pass %U, %G
>> as parameters to it from smb.conf - that should be much
>> safer.
>>     
>
>
>
>   

-- 
Ing. A.C.J. van Amersfoort (Arno)
Electronics & ICT Engineer
----------------------------------------------------------------
Leiden Institute of Physics (LION), Electronics Department (ELD)
Huygens Laboratory (Room 1007), Leiden University
Postal Address: P.O. Box 9504, 2300 RA Leiden
Visit Address : Niels Bohrweg 2, 2333 CA Leiden
The Netherlands
----------------------------------------------------------------
Phone    : +31-(0)71-527.1894
Fax      : +31-(0)71-527.5819
E-mail   : a.c.j.van.amersfoort at eld.physics.leidenuniv.nl
Homepage : http://rocky.eld.leidenuniv.nl
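
A configuration check of the kind requested in the message above, as an added example (not code from Samba, Debian or anyone in this thread): it flags the `;`, `&` and `|` operators in the four exec-style options named in the thread, so those commands can be moved into a script file as Jeremy Allison suggests. The sample smb.conf is constructed from the values quoted in the thread, and the script path /usr/local/sbin/share-cleanup.sh is hypothetical.

```python
import re

# Options named in the thread whose values are run as commands
# (keys are lower-cased with whitespace removed, as smb.conf ignores both).
EXEC_OPTIONS = {"preexec", "rootpreexec", "postexec", "passwdprogram"}
OPERATORS = ";&|"   # the shell operators named in the thread

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def lint(text):
    """Return (line, section, option, operators) for each flagged option."""
    findings, section = [], None
    for no, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":   # smb.conf comment markers
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            section = m.group(1).strip()
            continue
        name, sep, value = line.partition("=")   # only the first "=" counts
        key = re.sub(r"\s+", "", name).lower()
        found = sorted(set(value) & set(OPERATORS))
        if sep and key in EXEC_OPTIONS and found:
            findings.append((no, section, name.strip(), "".join(found)))
    return findings

# Constructed sample; the last option shows the wrapper-script form.
SAMPLE = r"""[global]
   passwd program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh
; a comment line; ignored
[software]
   Root PreExec = mkdir -p /home/software/Recycle; \
      chown root:admins /home/software/.Recycle
   postexec = /usr/local/sbin/share-cleanup.sh %U %G
"""

if __name__ == "__main__":
    for no, section, option, ops in lint(SAMPLE):
        print(f"line {no} [{section}] {option}: contains {ops!r}")
```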





