[PATCH] selftest: Add sanity-check RODC can't use cache to reveal secrets

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] selftest: Add sanity-check RODC can't use cache to reveal secrets

Samba - samba-technical mailing list
Hi,

Attached is a follow-up patch for bug #12977. It adds a test that checks
RODCs can't exploit the cache on the Samba server to leak secrets.

We unintentionally fixed this security hole in 4.7. The new test checks
we don't unintentionally reopen the hole again in the future.

Cheers,
Tim

extra-test.txt (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] selftest: Add sanity-check RODC can't use cache to reveal secrets

Samba - samba-technical mailing list
Reviewed-by: Garming Sam <[hidden email]>

Any chance of another reviewer?


Cheers,

Garming

On 02/10/17 15:22, Tim Beale via samba-technical wrote:

> Hi,
>
> Attached is a follow-up patch for bug #12977. It adds a test that checks
> RODCs can't exploit the cache on the Samba server to leak secrets.
>
> We unintentionally fixed this security hole in 4.7. The new test checks
> we don't unintentionally reopen the hole again in the future.
>
> Cheers,
> Tim


Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] selftest: Add sanity-check RODC can't use cache to reveal secrets

Samba - samba-technical mailing list
On Fri, 2017-10-13 at 09:50 +1300, Garming Sam via samba-technical
wrote:
> Reviewed-by: Garming Sam <[hidden email]>
>
> Any chance of another reviewer?

Reviewed-by: Andrew Bartlett <[hidden email]> and pushed to
autobuild!

Thanks,

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba