It seems a bit savage to panic if an admin mistypes a [in]valid users entry

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

It seems a bit savage to panic if an admin mistypes a [in]valid users entry

Samba - samba-technical mailing list
Hi folks,

In looking at a netgroups question I noticed this in
source3/smbd/share_access.c token_contains_name:

                }
                smb_panic("got invalid prefix from do_groups_check");
        }

Should we really panic if an admin entered some invalid character.
That would lead to things failing in strange and hard to debug ways
...

Surely it is better to simply ignore that field/parameter?

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)

Reply | Threaded
Open this post in threaded view
|

Re: It seems a bit savage to panic if an admin mistypes a [in]valid users entry

Samba - samba-technical mailing list
On Fri, Nov 03, 2017 at 09:04:49AM -0700, Richard Sharpe via samba-technical wrote:

> Hi folks,
>
> In looking at a netgroups question I noticed this in
> source3/smbd/share_access.c token_contains_name:
>
>                 }
>                 smb_panic("got invalid prefix from do_groups_check");
>         }
>
> Should we really panic if an admin entered some invalid character.
> That would lead to things failing in strange and hard to debug ways
> ...
>
> Surely it is better to simply ignore that field/parameter?

Valid / invalid users is a bit security critical in that
people are depending on it to protect resources.

Maybe better would be to print an error and then terminate,
rather than panic.

Reply | Threaded
Open this post in threaded view
|

Re: It seems a bit savage to panic if an admin mistypes a [in]valid users entry

Samba - samba-technical mailing list
On Fri, Nov 03, 2017 at 09:23:54AM -0700, Jeremy Allison via samba-technical wrote:

> On Fri, Nov 03, 2017 at 09:04:49AM -0700, Richard Sharpe via samba-technical wrote:
> > Hi folks,
> >
> > In looking at a netgroups question I noticed this in
> > source3/smbd/share_access.c token_contains_name:
> >
> >                 }
> >                 smb_panic("got invalid prefix from do_groups_check");
> >         }
> >
> > Should we really panic if an admin entered some invalid character.
> > That would lead to things failing in strange and hard to debug ways
> > ...
> >
> > Surely it is better to simply ignore that field/parameter?
>
> Valid / invalid users is a bit security critical in that
> people are depending on it to protect resources.
>
> Maybe better would be to print an error and then terminate,
> rather than panic.

Or just deny share access.

-slow

--
Ralph Boehme, Samba Team       https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/

Reply | Threaded
Open this post in threaded view
|

Re: It seems a bit savage to panic if an admin mistypes a [in]valid users entry

Samba - samba-technical mailing list
On Fri, Nov 03, 2017 at 05:54:44PM +0100, Ralph Böhme via samba-technical wrote:

> On Fri, Nov 03, 2017 at 09:23:54AM -0700, Jeremy Allison via samba-technical wrote:
> > On Fri, Nov 03, 2017 at 09:04:49AM -0700, Richard Sharpe via samba-technical wrote:
> > > Hi folks,
> > >
> > > In looking at a netgroups question I noticed this in
> > > source3/smbd/share_access.c token_contains_name:
> > >
> > >                 }
> > >                 smb_panic("got invalid prefix from do_groups_check");
> > >         }
> > >
> > > Should we really panic if an admin entered some invalid character.
> > > That would lead to things failing in strange and hard to debug ways
> > > ...
> > >
> > > Surely it is better to simply ignore that field/parameter?
> >
> > Valid / invalid users is a bit security critical in that
> > people are depending on it to protect resources.
> >
> > Maybe better would be to print an error and then terminate,
> > rather than panic.
>
> Or just deny share access.

Yeah that also makes sense - so long as it fails closed.

Patches welcome :-).