Re: Not a bug, that's a feature!
> On the face of it, it looks like there might be deeper problems that are being fixed in the short term with a quick simple patch?
No, that's not the case. I did the forensics on this.
There are 2 subsystems involved here.
(1). Load a shared library module and execute it.
This has many uses inside Samba, plugin VFS libraries etc.
(2). Allow a client request on an RPC pipe to be routed to an external process or library.
This allows Samba to be built without embedding all the named pipe services inside it, which makes it a smaller binary for embedded vendors.
Unfortunately an old commit connected the two subsystems together, re-using the shared library module existing code to find and load the service the client was asking for. There was insufficient sanitization of the requesting name which caused the problem. That's what the fix now does.
In the future more restrictions are planned (along with cmocka regression tests) to improve the code quality here.
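
An added example, not part of the original comment and not Samba's code: one way to sanitize a client-supplied pipe name before it is used to locate a shared library, the kind of check the comment says was missing. The function names, module directory, length limit and character allow-list are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed directory for RPC service modules (assumption). */
#define RPC_MODULE_DIR "/usr/lib/example/rpc"
#define PIPE_NAME_MAX 64

/* Accept only a bare service name: non-empty, bounded, [A-Za-z0-9_-].
 * This rejects '/', '\\', '.' and anything else that could turn the
 * client-supplied name into a path. */
bool pipe_name_is_safe(const char *name)
{
    size_t len;

    if (name == NULL)
        return false;
    len = strlen(name);
    if (len == 0 || len > PIPE_NAME_MAX)
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok)
            return false;
    }
    return true;
}

/* Build the module path for a client-requested pipe. Returns 0 on
 * success, -1 if the name is rejected or the buffer is too small.
 * The loader is only ever handed a path inside RPC_MODULE_DIR. */
int rpc_module_path(const char *pipe_name, char *out, size_t outlen)
{
    int n;

    if (!pipe_name_is_safe(pipe_name))
        return -1;
    n = snprintf(out, outlen, "%s/%s.so", RPC_MODULE_DIR, pipe_name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}
```

Validating at the boundary between the two subsystems means the generic module loader can stay permissive for its trusted callers while the RPC path only ever passes it a fixed-directory name.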