Ability to cause dlopen of any random shared library file in system library path could still be very useful to an attacker.
Looks to me like there should be a whitelist of only "nt pipe ipc" service names samba intends to provide.
OK, after looking into it – the patch forces name not to include "/". That means do_smb_load_module will try to load /usr/lib/rpc/<name>.so
Relevant check is here: https://github.com/samba-team/samba/blob/master/lib/util/modules.c#L173. The only way to get to load_module with a bare path is if that conditional is false.
subsystem is the constant str "rpc" so that can only happen if the module path starts with "/" – and that's disallowed by the patch.
It's possible there are other paths to the module load functionality, but I didn't see any immediately.
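A minimal C model of the checks discussed in this thread, added here as an illustration and not taken from Samba or from any participant: the function names, the `MODULE_ROOT` value and the allowlist entries are assumptions. It contrasts the no-"/" rule with the stricter allowlist proposed earlier in the thread, using the path resolution rule as the thread describes it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the thread gives the result as /usr/lib/rpc/<name>.so. */
#define MODULE_ROOT "/usr/lib"
#define SUBSYSTEM   "rpc"

/* Constructed allowlist of pipe services the server means to provide. */
static const char *const allowed_pipes[] = { "samr", "lsarpc", "srvsvc", "wkssvc" };

/* Rule the patch enforces, per the thread: no '/' anywhere in the name. */
bool pipename_has_no_slash(const char *name)
{
    return name != NULL && name[0] != '\0' && strchr(name, '/') == NULL;
}

/* Stricter rule proposed in the thread: exact match against known names. */
bool pipename_is_allowlisted(const char *name)
{
    if (name == NULL) return false;
    for (size_t i = 0; i < sizeof(allowed_pipes) / sizeof(allowed_pipes[0]); i++)
        if (strcmp(name, allowed_pipes[i]) == 0)
            return true;
    return false;
}

/* Model of the resolution rule: a leading '/' means a bare path, anything else
 * is confined to MODULE_ROOT/SUBSYSTEM/<name>.so. Returns 0 on success, -1 on error. */
int resolve_module_path(const char *name, char *out, size_t outlen)
{
    if (name == NULL || out == NULL || outlen == 0)
        return -1;
    int n = (name[0] == '/')
        ? snprintf(out, outlen, "%s", name)
        : snprintf(out, outlen, "%s/%s/%s.so", MODULE_ROOT, SUBSYSTEM, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *samples[] = { "samr", "unlisted", "/abs/path/mod" }; /* constructed */
    char path[256];
    for (size_t i = 0; i < 3; i++) {
        resolve_module_path(samples[i], path, sizeof(path));
        printf("%-14s no_slash=%d allowlisted=%d -> %s\n", samples[i], pipename_has_no_slash(samples[i]), pipename_is_allowlisted(samples[i]), path);
    }
    return 0;
}
```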
This fixes just one very specific problem, the much bigger problem of bad design still remains.