TNG 0.7 - can't join domain
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Feb 29 18:24:34 GMT 2000
On Tue, 29 Feb 2000, Sander Striker wrote:
> >damn, damn - ok, i bet the two are related.
> >
> >ok.
> >
> >become_root()
> >...
> >become_root()
> >...
> >unbecome_root() - really does unbecome root
> >...
> >samr_drect_query_userinfo() - fails because it's not root
> >...
> >unbecome_root() - fails because we're already non-root.
> >
> >dammit.
> >
> >i'm not certain as to how to eliminate this, because according to some
> >people we should _only_ be running as root, which is a security risk if we
> >do it at the moment because there is no checking otheerwise on file access
> >inside the msrpc code.
>
> I guess people are suggesting running as root and when doing file access
> checking something like:
> become_user(); check_access(file); unbecome_user();
>
> >i could "fix" this by doing an increment on become_root() instead of
> >root_depth = 1 do root_depth++...
>
> For now, and for me personally, this is a good fix. Make sure to keep
> it all symmetric though. It's very easy to forget an unbecome_root() :-)
it always is. i get nervous when i see more than one function call
wrapped with a become_root(), unbecome_root().
More information about the samba-ntdom
mailing list