发表新帖
发表新帖

Adding SMB to Windows, how safe is this?

后端 未结
关注
3 1726
野趣味
野趣味 2021-01-06 17:06

I came across a small hack, which claims it enables smb:// on windows.
The complaint was that things like text&l

相关标签:
3条回答
  • 轻奢々
    2021-01-06 17:35

    Not to mention, SMB isn't the only protocol that uses that syntax, so does any other filesystem such as WebDAV. Somewhat clever idea though, and I wish that smb:// worked too.

    0 讨论(0)
  • 故里飘歌
    2021-01-06 17:37

    To me, it looks damn dangerous because it allows any website to place "\\RESOURCENAME" URLs, which will work regardless of context, and smb.bat will be called if you click such a link. I don't entirely understand the batch syntax (the ~ part especially) but it seems to me it's possible to pass any kind of argument to explorer.exe.

    There's probably no immediate danger because it's very unlikely an outside attacker would guess you have this set up. Still, safe it's not.

    0 讨论(0)
  • 既然无缘
    2021-01-06 17:43

    I'd much rather have the server detect windows clients output \servername\path scheme for those and smb:// for everything else.

    0 讨论(0)
 看不清?
提交回复
热议问题