CVS update: samba/source/srvsvcd

John E. Malmberg wb8tyw at qsl.net
Thu Mar 23 00:44:52 EST 2000


Luke Leighton <lkcl at samba.org> wrote:
>
>   why?  because linux/alpha has setresuid but not setresgid!  how many
other
>   systems have this silly kind of mis-match?
>
> - cut across andrew's setuid etc mods, removing direct calls to seteuid
etc.
>
Since you asked:

In OpenVMS the native setuid() and setgid() always return success, but do
nothing.

For both Eckart Meyer's VMS port, and mine, a working setuid() has been
written and substituted for it.

Because of the way that OpenVMS handles UIDs, a setuid() function must set
both the UID and the GID.  This means that the setgid() can not be
implemented to actually do anything.

In older versions of SAMBA, this did not matter as apparently the setuid()
call was done before the setgid() call.

In SAMBA 2.0.6, I discovered that now in SMBD, the setgid() call is being
called and the results checked before the setuid() was being called.

I worked around this with a patch to disable the check for setgid()
succeeding.

I have not looked through the code to see the impact of changing the
setuid() to be before the setgid() to see what impact it has.

There is also the question if some security hole is present by changing the
UID first, and then the GID on UNIX platforms.

-John
wb8tyw at qsl.net



More information about the samba-cvs mailing list