> On Tue, 13 Feb 1996, Alexander Fok wrote:
>
> > Can anyone detail the "Unix Samba" hole?
> >
> > Thank you in advance.
>
> Ok Samba is a program that you have to install on your Unix system. So if
> you installed a program on your Unix system you evaluated what that
> program does before you turn it loose on your network, Right?

Please, don't spread misinformation.

Netbios is a protocol, sometimes also called SMB. The Samba software provides both a server and a client for UNIX. The Samba 'hole' is not a hole, but a feature. The SMB protocol is weak, it has holes. With standard (Windows) software you can't really use all features of the protocol. The Samba client has some additional commands, like the cd command which has the ability to send 'cd ./..' which you cannot send with Windows Filemanager. This can take you down towards the root even if you exported only c:\windows\word\docs\pub\txts.

Microsoft unfairly tried to blame it on Samba, because it had broken MS's security through obscurity.

So, the Samba software allows the MS things, and some more. The Samba serverside is safe, and the call to 'evaluate before you turn it loose', implying the Samba code is bad or not to be trusted is an unjustified smear attempt.

> The basic function of Samba is to bring the drag and drop that
> windows has to the file systems that exist on Unix.

Nonsense. Samba implements a file sharing protocol like Novell Netware or NFS. Has nothing to do with the drag and drop or file systems.

Rob
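
The 'cd ./..' case described in the message comes down to whether the server itself confines a client-supplied path to the exported directory. As an added example (not part of the original message, and not Samba or Microsoft code), here is a server-side check that resolves a client path inside the share and refuses any `..` that would climb above it; `SHARE_ROOT` reuses the path from the message, and all function names are hypothetical.

```python
# Added example: server-side resolution of a client-supplied SMB-style path.
# SHARE_ROOT and every function name here are hypothetical illustrations.
import re

SHARE_ROOT = r"c:\windows\word\docs\pub\txts"  # exported directory named in the message


class EscapesShare(Exception):
    """Raised when a requested path would climb above the share root."""


def resolve(cwd, requested):
    """Return the new share-relative directory as a list of components.

    cwd       -- current directory inside the share, as a list ([] = share root)
    requested -- client-supplied path; may use '\\' or '/', '.' and '..'
    """
    # A leading separator means "relative to the share root", not to cwd.
    stack = [] if re.match(r"[\\/]", requested) else list(cwd)
    for part in re.split(r"[\\/]+", requested):
        if part in ("", "."):
            continue                      # no-op components
        if part == "..":
            if not stack:                 # already at the share root: refuse
                raise EscapesShare(requested)
            stack.pop()
        else:
            stack.append(part)
    return stack


def to_server_path(components):
    """Map a validated share-relative path onto the exported directory."""
    return "\\".join([SHARE_ROOT] + components)


def try_cd(cwd, requested):
    """Resolve a cd request; return (allowed, resulting server path or None)."""
    try:
        return True, to_server_path(resolve(cwd, requested))
    except EscapesShare:
        return False, None


if __name__ == "__main__":
    for cwd, req in [([], "./.."), (["a"], ".."), ([], r"a\..\..\..")]:
        print(cwd, repr(req), try_cd(cwd, req))
```

The check is purely lexical and runs on the server, so it holds regardless of which client sends the request.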