1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
samba-mirror/source3/services
Volker Lendecke a60c7b4ff2 s3:services: Disable rcinit-based service control code
This is a become_root user callout that I have never seen in use in
more than 20 years of Samba. Why disable now? In the next commit I
need to make a change to initializing the registry values for
services, the svcctl service won't be able to do registry transactions
anymore. I'm not sure that going without transactions is 100% safe in
all failure cases, so I decided to propose disabling the problematic
code that might lead to security issues.

One fix might be to add a lot more validation code to
_svcctl_OpenServiceW() to see whether the registry values underlying
the service are sane.

Yes, this is technical debt, but I would question that starting unix
daemons via DCERPC used at all out there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
..
services.h
svc_netlogon.c
svc_rcinit.c s3:services: Disable rcinit-based service control code 2021-12-10 14:02:30 +00:00
svc_spoolss.c
svc_winreg_glue.c srcctl3: Improve debug messages 2018-01-16 02:43:03 +01:00
svc_winreg_glue.h srcctl3: Improve debug messages 2018-01-16 02:43:03 +01:00
svc_winreg.c
svc_wins.c