[Info-vax] SAMBA and Ransomeware

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Mon Jul 17 17:52:39 EDT 2017


On 2017-07-17 20:51:59 +0000, Scott Dorsey said:

> Michael Moroney <moroney at world.std.spaamtrap.com> wrote:
>> kludge at panix.com (Scott Dorsey) writes:
>> 
>>> Our question, then, becomes this: How do we, knowing we have an 
>>> inherently untrustworthy protocol, manage to implement it in the safest 
>>> possible way? Because we have to implement it.  And we have to do it as 
>>> safely as we can.
>> 
>> I suppose the VMS server process has as few privileges as absolutely 
>> possible, ideally TMPMBX+NETMBX only, if at all possible.
> 
> That's key number one.

If we're working within the constraints of the rather limited OpenVMS 
security implementation, then most definitely.   But that's likely not 
enough privileges for a file server, either.   For one example, NFS 
requires cmkrnl, netmbx, oper, sysnam, sysprv in one context, and 
cmkrnl, oper, sysnam, sysprv, and world in another, depending on what's 
going on.   The desire and increasingly the need to isolate what 
OpenVMS has traditionally used privileges for — such as isolating the 
system calls and operations that are permitted to a particular 
application, and quite possibly the use of classic OpenVMS privileges — 
are part of why sandboxes have become interesting to folks.   Having to 
break the particular server application, and then further escape the 
sandbox is (hopefully) more difficult for an attacker.

>> Naive question: Are the protocols fundamentally broken, security-wise, 
>> or, in theory, could a good VMS programmer given the SMBx spec and no 
>> existing code as a bad example, write a secure SAMBA implementation 
>> from scratch?
> 
> Unknown, since nobody has actually seen the SMB spec outside of 
> Microsoft, and SAMBA exists entirely due to reverse-engineering of the 
> protocol.

Microsoft has published various specifications for Windows-related 
protocols, including SMB 2 and SMB 3.

https://msdn.microsoft.com/en-us/library/cc246482.aspx





-- 
Pure Personal Opinion | HoffmanLabs LLC 



