[PATCH] Remove sock_exec code

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] Remove sock_exec code

Samba - samba-technical mailing list
Patch to remove the sock_exec code, my understanding is that this was
originally test support code and is no longer used.

Comments and reviews appreciated

Gary.

0001-source3-remove-sock_exec.patch.txt (8K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Remove sock_exec code

Samba - samba-technical mailing list
On Sunday, 5 November 2017 18:54:32 CET Gary Lockyer via samba-technical
wrote:
> Patch to remove the sock_exec code, my understanding is that this was
> originally test support code and is no longer used.
>
> Comments and reviews appreciated

man smbclient -> LIBSMB_PROG

I think you should remove that too if you want to get rid of it :-)


        andreas

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Remove sock_exec code

Samba - samba-technical mailing list
Updated patch attached, removes the man page entry.

On 09/11/17 05:11, Andreas Schneider via samba-technical wrote:

> On Sunday, 5 November 2017 18:54:32 CET Gary Lockyer via samba-technical
> wrote:
>> Patch to remove the sock_exec code, my understanding is that this was
>> originally test support code and is no longer used.
>>
>> Comments and reviews appreciated
>
> man smbclient -> LIBSMB_PROG
>
> I think you should remove that too if you want to get rid of it :-)
>
>
> andreas
>

0001-source3-remove-sock_exec.patch.txt (9K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Remove sock_exec code

Samba - samba-technical mailing list
I think you should mention that you are motivated by past exploits of
Samba that used sock_exec as a proxy for system() matching a talloc
destructor prototype.

See for example
https://gist.github.com/worawit/051e881fc94fe4a49295

and referencing the Red Hat post at:

https://access.redhat.com/blogs/766093/posts/1976553

The same motivation is for the close-on-exec change, making a repeat of
this exploit just a little more miserable by not allowing something
called via system() access to the FD back to the client.

Thanks,

Andrew Bartlett

On Thu, 2017-11-09 at 15:09 +1300, Gary Lockyer via samba-technical
wrote:

> Updated patch attached, removes the man page entry.
>
> On 09/11/17 05:11, Andreas Schneider via samba-technical wrote:
> > On Sunday, 5 November 2017 18:54:32 CET Gary Lockyer via samba-technical
> > wrote:
> > > Patch to remove the sock_exec code, my understanding is that this was
> > > originally test support code and is no longer used.
> > >
> > > Comments and reviews appreciated
> >
> > man smbclient -> LIBSMB_PROG
> >
> > I think you should remove that too if you want to get rid of it :-)
> >
> >
> > andreas
> >
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Remove sock_exec code

Samba - samba-technical mailing list
Updated patch attached, have revised the commit message in line with
Andrews comments

Gary

On 15/11/17 00:10, Andrew Bartlett via samba-technical wrote:

> I think you should mention that you are motivated by past exploits of
> Samba that used sock_exec as a proxy for system() matching a talloc
> destructor prototype.
>
> See for example
> https://gist.github.com/worawit/051e881fc94fe4a49295
>
> and referencing the Red Hat post at:
>
> https://access.redhat.com/blogs/766093/posts/1976553
>
> The same motivation is for the close-on-exec change, making a repeat of
> this exploit just a little more miserable by not allowing something
> called via system() access to the FD back to the client.
>
> Thanks,
>
> Andrew Bartlett
>
> On Thu, 2017-11-09 at 15:09 +1300, Gary Lockyer via samba-technical
> wrote:
>> Updated patch attached, removes the man page entry.
>>
>> On 09/11/17 05:11, Andreas Schneider via samba-technical wrote:
>>> On Sunday, 5 November 2017 18:54:32 CET Gary Lockyer via samba-technical
>>> wrote:
>>>> Patch to remove the sock_exec code, my understanding is that this was
>>>> originally test support code and is no longer used.
>>>>
>>>> Comments and reviews appreciated
>>>
>>> man smbclient -> LIBSMB_PROG
>>>
>>> I think you should remove that too if you want to get rid of it :-)
>>>
>>>
>>> andreas
>>>

0001-source3-remove-sock_exec.patch.txt (10K) Download Attachment
signature.asc (484 bytes) Download Attachment