Bugtraq mailing list archives
Re: Symlink attack in (all?) Samba. - Local root walkthrough by Tozz
From: Tim Potter * <tpot () LINUXCARE COM AU>
Date: Fri, 15 Dec 2000 03:24:30 -0000
Requirements: * Shell access or any other way to create
symlinks
* A running samba deamon * The username and/or password of a user named
in the
admin lists in one or more shares.
This basically boils down to the fact that if you give someone root access on a machine they can do things. It is usually not necessary to use the admin users parameter. Tasks like managing upload directories and so on can usually be achieved with a combination of the various force user, group and create mode parameters. Tim.
Current thread:
- Re: Symlink attack in (all?) Samba. - Local root walkthrough by Tozz Tim Potter * (Dec 16)