Please answer to the bug report rather than only to myself... but I
should have set up the Reply-To field. Hence forwarding your answer.

So, Mario's answer:

On Wed, 27-07-2005 at 07:19 +0200, Christian Perrier wrote:
> Quoting Abajo Duran, Mario ([EMAIL PROTECTED]):
> > Package: winbind
> > Version: 3.0.14a-3
> > Severity: grave
> > Justification: user security hole
> 
> I don't really see this rationale in the following:

Sorry, it's my first bug :P

> 
> > 
> > I have found an error in a similar way to the bug 2776 in the samba bugzilla
> > https://bugzilla.samba.org/show_bug.cgi?id=2776. I'm configuring a samba
> > server in an ADS domain (not in native mode but with security = ADS) and
> > sharing a directory with ACLs and found that some privileged users get
> > access denied when trying to access.
> 
> 
> This is not a user security hole but just a failure to give some users
> their correct privileges, so I fail to get the real deep security
> implications here (except maybe for "deny" style ACLs which would
> deny access to resources to members of some groups). This makes the
> severity of this bug kinda overinflated.

Winbind assigns groups to users that they are not members of, and it seems
pretty random (I particularly get group numbers that do not exist). This
results in denying access because of not belonging to the correct groups,
but I can imagine the situation of a user who gets the privileges of an
important group and gets access to the entire share. I think this is a
security hole, or a lottery :)

> 
> Please also confirm whether this is the exact same problem as
> samba's 2776. If it is, then we should mark this bug as forwarded
> upstream with the bugzilla address as forwarded address.

Really it's not the same problem, I get missing groups and groups that
had changed, but I think the problem is related, but I can't confirm it
yet.

> 
> /me trying to make some work in the big mess of samba BTS and really
> sorry for not being able to do enough.
> 

No problem, thanks for your time, and I will try to help resolve this
issue if I have enough time. For the moment I will try later an older
version of samba on another machine to look for the same problem.



