Re: Windows 95 Network Security

Rob J. Nauta (rob@brasaap.IAEhv.nl)
Fri, 16 Feb 1996 00:26:57 +0100 (MET)

> On Tue, 13 Feb 1996, Alexander Fok wrote:
> > Can anyone detail the "Unix Samba" hole?
> > Thank you in advance.
> 
> Ok, Samba is a program that you have to install on your Unix system. So if 
> you installed a program on your Unix system you evaluated what that 
> program does before you turn it loose on your network, right?

Please, don't spread misinformation. Netbios is a protocol, sometimes also
called SMB. The Samba software provides both a server and a client for
UNIX. The Samba 'hole' is not a hole, but a feature. The SMB protocol is
weak, it has holes. With standard (Windows) software you can't really
use all features of the protocol. The Samba client has some additional
commands, like the cd command which has the ability to send 'cd ./..'
which you cannot send with Windows Filemanager. This can take you down
towards the root even if you exported only c:\windows\word\docs\pub\txts.
Microsoft unfairly tried to blame it on Samba, because it had broken
MS's security through obscurity.
So, the Samba software allows the MS things, and some more. The Samba
serverside is safe, and the call to 'evaluate before you turn it loose',
implying the Samba code is bad or not to be trusted is an unjustified
smear attempt.

> The basic function of Samba is to bring the drag and drop that 
> windows has to the file systems that exist on Unix.

Nonsense. Samba implements a file sharing protocol like Novell Netware
or NFS. Has nothing to do with the drag and drop or file systems.

Rob
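
The server-side check that the 'cd ./..' case in the message above calls for, as an added example that is not part of the original post and is not Samba or Microsoft code: a hypothetical file server resolving client-supplied relative paths against the export path quoted in the post. The function names are assumptions, and the request strings are constructed samples.

```python
import ntpath  # Windows path rules, usable on any platform

SHARE_ROOT = r"c:\windows\word\docs\pub\txts"  # export path quoted in the post


def naive_resolve(share_root, request):
    """Flawed server: trusts that clients never send '..' components."""
    return ntpath.normpath(ntpath.join(share_root, request))


def confined_resolve(share_root, request):
    """Hardened server: canonicalise first, then refuse anything outside the share."""
    # A client may send either separator, so treat them alike.
    request = request.replace("/", "\\")
    # A drive letter, UNC prefix or rooted path would make join() drop share_root.
    drive, rest = ntpath.splitdrive(request)
    if drive or rest.startswith("\\"):
        raise PermissionError("absolute path in request: %r" % request)
    candidate = ntpath.normpath(ntpath.join(share_root, request))
    # Compare case-insensitively and on a component boundary, so that a
    # sibling directory such as ...\txts2 does not pass a bare prefix test.
    root = ntpath.normcase(ntpath.normpath(share_root))
    cand = ntpath.normcase(candidate)
    if cand != root and not cand.startswith(root + "\\"):
        raise PermissionError("request escapes share: %r" % request)
    return candidate


def allowed(request, share_root=SHARE_ROOT):
    """True if the hardened resolver would serve this request."""
    try:
        confined_resolve(share_root, request)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for req in ["readme.txt", r"sub\..\readme.txt", "./..", r"..\txts2\a.txt", r"d:\autoexec.bat"]:
        print("%-22r naive=%-40s allowed=%s" % (req, naive_resolve(SHARE_ROOT, req), allowed(req)))
```

The point of the comparison is that the check belongs on the server: a server that relies on clients never sending '..' is only as strong as the most capable client.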