Security: Samba Does Windows

Samba has been a basic component of my company's development environment for many years allowing Windows clients to talk to Linus servers. A recent article in ACM Queue points out how widely deployed it is, the interesting way it handles communication between heterogeneous distributed systems, and the security ramifications of its manipulation of network protocols.

Wolfe, Alexander. Samba Does Windows-to-Linux Dance. ACM Queue, Jul/Aug 2004.

With heterogeneous networked environments becoming the rule rather than the exception, there's more need than ever for Windows and Linux to work and play well together. Enter Samba, the print- and file-sharing tool that enables files residing on Linux hosts to interact with Windows-based desktops.

Samba, an open source effort that's freely available under the GPL (GNU General Public License), first hit the streets in a 1994 release written to support Unix. Its march toward common usage began in the form of deployments on servers running popular open source implementations such as HP-UX, IBM's AIX, and Sun's Solaris.

In recent years, the rampant rise in usage of Linux in the server world has catapulted Samba into almost ubi-quitous deployment. (In typical setups, Samba serves as the missing link, allowing client desktops running Windows to access files stored on such Linux servers.)

Indeed, the fact that Samba ships as a standard part of nearly every Linux distribution has given the software a stealthy penetration that's surprisingly large. There may be as many as 14 million to 16 million Samba servers in use in various forms. To break the numbers down more meaningfully, however, not all of those setups are "high-stress" environments. Estimates peg the number of large Unix and Linux installations (defined as hundreds or even thousands of users per server) running Samba at somewhere between 2.5 and 3 million...

So just why should Samba, which seems to have a fairly narrowly defined mandate, be of interest to the developers? Because it offers a window into the intricacies of networking and can provide developers with a virtual front-row seat for the handling of intercommunications among heterogeneous interconnected systems.

That's evident in Samba 3, the latest revision of the tool, released in September 2003. Samba 3 adds full-fledged domain control support (minus Microsoft's security account manager database replication) for the still widely used Windows NT 4 operating system. Domain support means Samba essentially mirrors the architecture by which NT stores user account credentials. Thus, Samba has a means for deciding whether to grant accredited users access to server-based files, enabling the Linux-to-NT interoperability...

Terpstra recommends that nuts-and-bolts professionals obtain a copy of the free Ethereal network protocol analyzer tool and use it as a sniffer to capture and review the packets traveling across a network to get a peek under the covers. As Samba runs, it makes use of information buried in thousands of those packets about the identity of the Windows clients on the network.

I queried Samba team member Terpstra about how system administrators of heterogeneous environments grappled with perceived security differences between Samba/Linux and Windows. "Interesting question, because you'll find that views on that are poles apart," says Terpstra. "Windows-style networking is inherently insecure. The reason is, the ability to browse, or to go into your ‘network neighborhood' and see all of your machines, is based on a broadcast technology..."

Fortunately, Samba implements features to shield the operating system from the user as much as possible. Additionally, because Samba is resident on non-Windows server platforms and doesn't implement all the features of Windows, it's able to cut out a lot of potential exploits for Windows, according to Terpstra.

Though Microsoft has no specific involvement with Samba, it too is concerned with security. Seeking to minimize the ability of hackers to exploit Windows, Microsoft is working hard to design improved security into its next-generation Longhorn operating system, due in 2006.

"With Longhorn, there's a good possibility that Microsoft will introduce entirely new technology," Terpstra says. "I believe that is entirely appropriate, because the current Windows networking technology is fundamentally insecure. It's grown topsy-turvy over many years. It's probably more cost effective to start with a clean slate than to try to fix the ills of the current technology."