View Full Version : SERIOUS Windows Sharing Flaw 10.3

12-14-2003, 11:18 AM
Ok, I turn windows sharing on, and my roommate in the dorms here accesses it (I type in my password) and was listening to my music on his Windows XP box. Funny thing, when I disabled Windows Sharing in the Sharing system preferences, he was still logged on! He was still able to browse my files and listen to music. And any other privs I had included create and delete.

It seems that the MacOS won't disconnect him while he is streaming data such as music, and simply leave his connection on, indefinately. I havnt found a way to disconnect him at all.

Anybody know how to fix this flaw?

12-14-2003, 11:29 AM
U could try restarting your Mac.

12-14-2003, 12:02 PM
Yea. Eventually I found that that's the only way that I could disconnect the user from my computer. But isn't that kind of rediculous? Shouldn't Disabling Windows Sharing, or enabling the built-in firewall disconnect the user?

12-14-2003, 12:46 PM
On MacOSX 10.2, starting windows sharing on the System Preferences App starts up two background programs: smbd and nmbd. 10.3 may or may not have different names for these programs. Enter the terminal and type: "killall nmbd smbd". That command will terminate both programs effectively terminating your friend's connection.

12-14-2003, 03:09 PM
I don't think it's as much of a flaw as a problem. I believe that if the process is being used it waits until it is not being used before not letting anyone else use it, and since you are streaming music, that process must stop before it totally kills it.

Use the method mentioned above by atomictuesday to kill the process immediately. Pretty sure it will confuse the crap outta your friend's Windows machine and make it hang, but you will have done what you wanted to.

12-14-2003, 07:11 PM
Originally posted by atomictuesday
Enter the terminal and type: "killall nmbd smbd".

Thanks. Havn't tried it yet, but will do.

But seriously, the problem isn't that he's streaming music. The problem is that all a user has to do is be transferring a file (such as music) when the connection breaks, and they can jump back in when ever they want. Tested for up to 10 minutes later.

I personally think that it can be used as a backdoor especially because Apple's built in firewall doesn't stop data from being sent while this is going on.

12-14-2003, 07:16 PM
I wouldn't let anyone in my front door that I wouldn't trust in the back.

12-15-2003, 05:09 PM

Tell Apple (http://www.apple.com/macosx/feedback/) what you expect...