Should samba become_root() before calling panic action?

Andrew Bartlett abartlet at samba.org
Wed Apr 9 23:10:36 GMT 2003 

On Thu, 2003-04-10 at 04:18, Steve Langasek wrote:
> On Wed, Apr 09, 2003 at 09:33:30AM +1000, Andrew Bartlett wrote:
> > On Wed, 2003-04-09 at 04:39, MCCALL,DON (HP-USA,ex1) wrote:
> > > Might it be better to leave this to the panic script itself; ie
> > > require a 'su' to root in the panic script to ensure that it run as
> > > root to do the gdb backtrace???
> > > Not completely secure either, but putting responsibility into the *ux
> > > admin's hands might be safer than preempting that choice in our code...
> > > hope this helps,
> > > Don
> 
> > Well, the script would run with the same privilages as smbd - that is,
> > the right to regain root - so it would just be a small matter of
> > adjusting the effective uid back again.
> 
> On most systems I'm familiar with, the euid is not saved across the
> exec() boundary.  So you can only run the panic action with root privs if
> the calling process's real uid (not just the effective uid) is 0.

Which Samba's is, as far as I understand it.

> > We might as well do it ourselves - just watch the linking stuff -
> > smb_panic() isn't only smbd I think...
> 
> True.  I seem to recall some other reason why I found it would be
> beneficial to provide {un,}become_root() dummy functions for apps that
> don't run with true root privs.

Well, you would not call become_root() but the underlying functions (as
you never want to go back, and can't trust that state of the security
stack).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030410/198d12ce/attachment.bin

More information about the samba-technical mailing list