Stephen Frost <[EMAIL PROTECTED]> wrote: > * Frank K?ster ([EMAIL PROTECTED]) wrote: >> Stephen Frost <[EMAIL PROTECTED]> wrote: >> > Have we actually got a specific case of this happening and there being a >> > real security threat from it? >> >> When I ran a samba server years ago, I changed the default log file names >> and, IIRC, location. > > Were they owned by the samba uid?
I don't know for sure, but I think yes. > Were they terribly sensitive? In some cases knowledge of filenames that one user uses would have been very interesting for some other users. > Did > you ever actually uninstall samba? Was the samba uid reused? Since I left that server to somebody else, I can only speculate: Probably no, but I cannot exclude it (e.g. if there ever was a samba-ng package or something like that, they might have tried it instead). > Was there > an actual compramise of the files by another daemon? I assume that in this case I'd know. > I'm looking for actual cases of this 'security hole' being exploited, Sorry, I can't help you. Regards, Frank -- Frank Küster Inst. f. Biochemie der Univ. Zürich Debian Developer
