Should samba become_root() before calling panic action?
Andrew Bartlett
abartlet at samba.org
Wed Apr 9 23:10:36 GMT 2003
On Thu, 2003-04-10 at 04:18, Steve Langasek wrote:
> On Wed, Apr 09, 2003 at 09:33:30AM +1000, Andrew Bartlett wrote:
> > On Wed, 2003-04-09 at 04:39, MCCALL,DON (HP-USA,ex1) wrote:
> > > Might it be better to leave this to the panic script itself; ie
> > > require a 'su' to root in the panic script to ensure that it run as
> > > root to do the gdb backtrace???
> > > Not completely secure either, but putting responsibility into the *ux
> > > admin's hands might be safer than preempting that choice in our code...
> > > hope this helps,
> > > Don
>
> > Well, the script would run with the same privilages as smbd - that is,
> > the right to regain root - so it would just be a small matter of
> > adjusting the effective uid back again.
>
> On most systems I'm familiar with, the euid is not saved across the
> exec() boundary. So you can only run the panic action with root privs if
> the calling process's real uid (not just the effective uid) is 0.
Which Samba's is, as far as I understand it.
> > We might as well do it ourselves - just watch the linking stuff -
> > smb_panic() isn't only smbd I think...
>
> True. I seem to recall some other reason why I found it would be
> beneficial to provide {un,}become_root() dummy functions for apps that
> don't run with true root privs.
Well, you would not call become_root() but the underlying functions (as
you never want to go back, and can't trust that state of the security
stack).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030410/198d12ce/attachment.bin
More information about the samba-technical
mailing list