become root depth is non zero (ldap)

Luke Kenneth Casson Leighton lkcl at switchboard.net
Fri Jul 9 16:20:40 GMT 1999


doug,

the code in there needs to be revisited. it's not a high priority, for me,
as i have too many other things to do (sorry, that's a fact not an
excuse).

if someone wants to update the smbpassfile code, and then write a script /
utility to convert unix groups to nt groups in smbgroupfile, smbaliasfile
and smbbuiltinfile, then please let the lists know: this is the best way
to handle this problem.

luke

On Fri, 9 Jul 1999, Doug VanLeuven wrote:

> Ignacio Coupeau wrote:
> 
> > Someone knows what "ERROR: become root depth is non zero" means?
> 
> I've done some research & posted to samba-technical, but no response.
> Responses in the archives range from "ignore it" to "you've got a configuration problem".
> I remain unconvinced, since I still get it after deleting down to 1 additional user
> and 1 addit group from a stock linux distribution.
> 
> In short, every time you see this, samba has lost the state it was running in,
> which for me was "nobody" and is then running as "root".
> 
> Here's the original post:
> Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14,
> samba CVS as of 6-24-99
> 
> In the logs:
> [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370)
>   ERROR: become root depth is non zero
> [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392)
>   ERROR: unbecome root depth is 0
> 
> I realize it's just a nested become/unbecome pair that starts
> as user nobody.
> The problem is the 2nd call to become_root overwrites
> the saved nobody data with root information and the
> last (2nd) unbecome_root restores root info when it
> should be nobody, leaving the process running
> as root.
> 
> Is this a potential security hole?  It has that feel.
> Should the saved user data be pushed & popped?
> 
> I pared passwd, group, & smbpasswd down to
> one addit user with one addit group so I don't
> think it's a configuration problem.
> 
> Our MS PDC crashes several times a day, so I
> really want to replace it, but I need to resolve
> this before I can go production.
> 
> I traced the sequence of calls that lead to the nested call.
> 
> file : rpc_server/srv_lookup.c
> int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
> 
>      85                 become_root(True);
>      86                 status = lookup_name(name, &sid, &type);
>      87                 unbecome_root(True);
> 
> uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type)
> 
>     579         status = (status != 0x0) ? lookup_user_name    (user, domain, si
> 
> file : rpc_server/srv_lookup.c
> static uint32 lookup_user_name(const char *name, const char *domain,
> 
>     560         status = (status != 0x0) ? lookup_added_user_name(name, domain,
> 
> static uint32 lookup_added_user_name(const char *nt_name, const char
> 
>     518         /* find the user account */
>     519         become_root(True);
>     520         sam_pass = getsam21pwntnam(nt_name);
>     521         unbecome_root(True);
> 
> -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax)
> Chief Engineer, USMM roamdad at ibm.net
> Programmer/Analyst, SCWA doug at scwa.ca.gov
> 
> 
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
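
The nesting problem described in the quoted post, next to the push/pop approach it asks about, as an added simulation (not Samba's code and not part of either message). Uids are plain integers and no real setuid calls are made; the `_slot` and `_stack` function names, the uid value 99 and the depth limit are assumptions.

```c
#include <stdio.h>

/* Simulation only: uids are plain ints; no real setuid calls are made. */
#define ROOT_UID   0
#define NOBODY_UID 99   /* constructed sample value */
#define MAX_DEPTH  8    /* assumed limit for this example */

static int cur_uid;     /* simulated effective uid */

/* Single saved slot: the behaviour described in the post. */
static int saved_uid;
static void become_root_slot(void)   { saved_uid = cur_uid; cur_uid = ROOT_UID; }
static void unbecome_root_slot(void) { cur_uid = saved_uid; }

/* Saved identities are pushed and popped, so nested pairs restore correctly. */
static int uid_stack[MAX_DEPTH];
static int depth;
static int become_root_stack(void) {
    if (depth >= MAX_DEPTH) return -1;   /* refuse rather than overwrite */
    uid_stack[depth++] = cur_uid;
    cur_uid = ROOT_UID;
    return 0;
}
static int unbecome_root_stack(void) {
    if (depth == 0) return -1;           /* unbalanced call: nothing to restore */
    cur_uid = uid_stack[--depth];
    return 0;
}

/* Nested pair, shaped like make_dom_gids -> ... -> lookup_added_user_name. */
int run_nested_slot(int start_uid) {
    cur_uid = start_uid;
    become_root_slot();      /* outer: saves the starting uid */
    become_root_slot();      /* inner: overwrites the saved uid with root */
    unbecome_root_slot();    /* inner: "restores" root */
    unbecome_root_slot();    /* outer: restores root again */
    return cur_uid;
}
int run_nested_stack(int start_uid) {
    cur_uid = start_uid; depth = 0;
    if (become_root_stack() || become_root_stack()) return -1;      /* outer, inner */
    if (unbecome_root_stack() || unbecome_root_stack()) return -1;  /* inner, outer */
    return cur_uid;
}
int main(void) {
    printf("single slot: uid=%d\n", run_nested_slot(NOBODY_UID));
    printf("stack:       uid=%d\n", run_nested_stack(NOBODY_UID));
    return 0;
}
```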



More information about the samba-ntdom mailing list