become root depth is non zero (ldap)

Doug VanLeuven ldx at ibm.net
Thu Jul 8 21:49:00 GMT 1999


Ignacio Coupeau wrote:

> Someone knows what "ERROR: become root depth is non zero" means?

I've done some research & posted to samba-technical, but no response.
Responses in the archives range from "ignore it" to "you've got a configuration problem".
I remain unconvinced, since I still get it after deleting down to 1 additional user
and 1 addit group from a stock linux distribution.

In short, every time you see this, samba has lost the state it was running in,
which for me was "nobody" and is then running as "root".

Here's the original post:
Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14,
samba CVS as of 6-24-99

In the logs:
[1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370)
  ERROR: become root depth is non zero
[1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392)
  ERROR: unbecome root depth is 0

I realize it's just a nested become/unbecome pair that starts
as user nobody.
The problem is the 2nd call to become_root overwrites
the saved nobody data with root information and the
last (2nd) unbecome_root restores root info when it
should be nobody, leaving the process in running
as root.

Is this a potential security hole?  It has that feel.
Should the saved user data be pushed & popped?

I pared passwd, group, & smbpasswd down to
one addit user with one addit group so I don't
think it's a configuration problem.

Our MS PDC crashes several times a day, so I
really want to replace it, but I need to resolve
this before I can go production.

I traced the sequence of calls that lead to the nested call.

file : rpc_server/srv_lookup.c
int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)

     85                 become_root(True);
     86                 status = lookup_name(name, &sid, &type);
     87                 unbecome_root(True);

uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type)

    579         status = (status != 0x0) ? lookup_user_name    (user, domain, si

file : rpc_server/srv_lookup.c
static uint32 lookup_user_name(const char *name, const char *domain,

    560         status = (status != 0x0) ? lookup_added_user_name(name, domain,

static uint32 lookup_added_user_name(const char *nt_name, const char

    518         /* find the user account */
    519         become_root(True);
    520         sam_pass = getsam21pwntnam(nt_name);
    521         unbecome_root(True);

-- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax)
Chief Engineer, USMM roamdad at ibm.net
Programmer/Analyst, SCWA doug at scwa.ca.gov




More information about the samba-ntdom mailing list