[889] in linux-security and linux-alert archive
[linux-security] Re: You wouldn't believe it...
daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Jul 10 12:31:05 1996
Date: Wed, 10 Jul 1996 02:12:11 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Samuel Lewis <slewis@CompLaw.com>
cc: Linux Servers mailing list <SERVER-LINUX@NETSPACE.ORG>,
linux-security@tarsier.cv.nrao.edu
In-Reply-To: <2.2.32.19960709184718.00696b4c@CompLaw.com>
On Tue, 9 Jul 1996, Samuel Lewis wrote:
> BTW, I noticed some samba logs on [system name deleted]. Are you running
> samba on that system, or is it integrated into Red Hat 3.0.3?
This is something I meant to say something about...but kept forgetting.
There's this box I installed very nearly all of Red Hat 3.0.3 on to get a
feel for Red Hat and see just how much I'd hate it. Maybe I just haven't
gotten to know it well enough...but I greatly prefer my hacked up
Slackware based boxes. Anyway, one day a co-worker brings in his
notebook with PCMCIA ethernet, and asks me what's up with this Windows
server on our network. "What windows server?" It was then that I found
that by default, Red Hat 3.0.3 set up Samba for me and ran it with /tmp
world rw. I still don't know Samba, but I assume this is the section of
config file responsible:
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
On a small box such as this one, where the root fs is _the_ fs, a world
writable (no account needed) exported directory could be a very bad thing.
------------------------------------------------------------------
Jon Lewis | Mime attachments are OK
jlewis@inorganic5.fdt.net | But please ask before sending
http://inorganic5.fdt.net | unsolicited huge files.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
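
Added example (not part of the original message or of Samba): a Python check that reads an smb.conf and reports shares that, like the [tmp] section quoted above, are both guest-accessible and writable. It assumes current smb.conf(5) semantics (defaults of guest ok = no and read only = yes, and the public / writable / writeable / write ok synonyms) and does not follow include directives or backslash line continuations; SAMPLE is constructed.

```python
import re

# Constructed sample: the [tmp] share from the message plus a read-only guest share.
SAMPLE = """\
[tmp]
   path = /tmp
   read only = no
   public = yes
[docs]
   path = /srv/docs
   guest ok = yes
   writable = no
"""

# smb.conf(5) synonyms: "public" = "guest ok"; "writable", "writeable" and
# "write ok" are inverted forms of "read only". Names ignore case and spaces.
GUEST = {"guestok", "public"}
READ_ONLY = {"readonly", "writable", "writeable", "writeok"}
BOOLS = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}

def parse_sections(text):
    """Return {section: [(normalized_key, value), ...]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"\[(.+)\]$", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), [])
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            current.append((re.sub(r"\s+", "", key).lower(), value.strip()))
    return sections

def effective(pairs, guest=False, read_only=True):
    """Apply settings in order; assumed defaults: guest ok = no, read only = yes."""
    for key, value in pairs:
        flag = BOOLS.get(value.lower())
        if flag is not None and key in GUEST:
            guest = flag
        elif flag is not None and key in READ_ONLY:
            read_only = flag if key == "readonly" else not flag
    return guest, read_only

def guest_writable(text):
    """List (share, path) pairs that are writable without an account."""
    sections = parse_sections(text)
    defaults = effective(sections.pop("global", []))  # [global] sets share defaults
    return [(name, dict(pairs).get("path", "")) for name, pairs in sections.items()
            if effective(pairs, *defaults) == (True, False)]
```

Run guest_writable() over the contents of a distribution's shipped smb.conf before the daemon is enabled; an empty list means no share is open for anonymous writes.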