"To be more specific, this is a Virtualbox Ubuntu virtual machine running on Windows 10, grabbing a file across SMB from a Samba file server running inside the Windows Subsystem for Linux through Bash."
Fantastic article from Alexander Bokovoy on
how this thing was found and fixed !
It's not an SMB protocol bug. It's a generic flaw in the DCE RPC protocol used for all RPC services on Windows and specifically to administer Active Directory Domain Controllers. That's why we really want people to patch (both Samba *and* Windows users).
How we plan to expose cloud-based filesystems in Samba:
I know you're just a random slashdot poster, and I really shouldn't expect any better, but would it hurt you to look at the list of Document Foundation (the Org behind LibreOffice) and look at the list of supporters:
"Chris DiBona, Open Source Programs Manager at Google, Inc., has commented: "The creation of The Document Foundation is a great step forward in encouraging further development of open source office suites. Having a level playing field for all contributors is fundamental in creating a broad and active community around an open source software project. Google is proud to be a supporter of The Document Foundation and participate in the project".
Hint - supporters mean we fund them. I represent Google on the Board of Directors, and yes, nagging them about getting a full Android port is something I do *every* meeting.
I now return you to your regularly scheduled slashdot poster 2-minute-hate on "Big Corporations".
This, this, a thousand times this.
You can look at the source code all you like, but unless you can *use* that source code to build your own binaries and redistribute them, then that means absolutely nothing in terms of security.
The products you buy off the shelf may or may not have any relation to the code you looked at.
That's why Free Software is so important for security-sensitive applications. Not only do you get to look, you get to modify it and redistribute.
My mother is a fish. - William Faulkner