become root depth is non zero (ldap)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Jul 9 16:20:40 GMT 1999
doug,
the code in there needs to be revisited. it's not a high priority, for me,
as i have too many other things to do (sorry, that's a fact not an
excuse).
if someone wants to update the smbpassfile code, and then write a script /
utility to convert unix groups to nt groups in smbgroupfile, smbaliasfile
and smbbuiltinfile, then please let the lists know: this is the best way
to handle this problem.
luke
On Fri, 9 Jul 1999, Doug VanLeuven wrote:
> Ignacio Coupeau wrote:
>
> > Someone knows what "ERROR: become root depth is non zero" means?
>
> I've done some research & posted to samba-technical, but no response.
> Responses in the archives range from "ignore it" to "you've got a configuration problem".
> I remain unconvinced, since I still get it after deleting down to 1 additional user
> and 1 addit group from a stock linux distribution.
>
> In short, every time you see this, samba has lost the state it was running in,
> which for me was "nobody" and is then running as "root".
>
> Here's the original post:
> Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14,
> samba CVS as of 6-24-99
>
> In the logs:
> [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370)
> ERROR: become root depth is non zero
> [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392)
> ERROR: unbecome root depth is 0
>
> I realize it's just a nested become/unbecome pair that starts
> as user nobody.
> The problem is the 2nd call to become_root overwrites
> the saved nobody data with root information and the
> last (2nd) unbecome_root restores root info when it
> should be nobody, leaving the process in running
> as root.
>
> Is this a potential security hole? It has that feel.
> Should the saved user data be pushed & popped?
>
> I pared passwd, group, & smbpasswd down to
> one addit user with one addit group so I don't
> think it's a configuration problem.
>
> Our MS PDC crashes several times a day, so I
> really want to replace it, but I need to resolve
> this before I can go production.
>
> I traced the sequence of calls that lead to the nested call.
>
> file : rpc_server/srv_lookup.c
> int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
>
> 85 become_root(True);
> 86 status = lookup_name(name, &sid, &type);
> 87 unbecome_root(True);
>
> uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type)
>
> 579 status = (status != 0x0) ? lookup_user_name (user, domain, si
>
> file : rpc_server/srv_lookup.c
> static uint32 lookup_user_name(const char *name, const char *domain,
>
> 560 status = (status != 0x0) ? lookup_added_user_name(name, domain,
>
> static uint32 lookup_added_user_name(const char *nt_name, const char
>
> 518 /* find the user account */
> 519 become_root(True);
> 520 sam_pass = getsam21pwntnam(nt_name);
> 521 unbecome_root(True);
>
> -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax)
> Chief Engineer, USMM roamdad at ibm.net
> Programmer/Analyst, SCWA doug at scwa.ca.gov
>
>
>
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
<a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
More information about the samba-ntdom
mailing list