Become_root depth is nonzero
pgmtekn at algonet.se
Mon Aug 9 05:21:00 GMT 1999
> Michael Stockman wrote:
> > Hello,
> > After starting to use usrmgr yesterday I noticed a problem with
> > nonzero root depth. This occurs in rpc_server/srv_lookup.c and I
> > believe it is caused by a call to lookup_name in make_dom_gids
> > wrapped in become_root. Since all privileged calls from
> > and it's descendants also are wrapped, the error occurs when we
> > them.
> I researched & posted on this a while back. On my system
> Redhat 5.2, kernel 2.0.36, gcc 188.8.131.52-14,
> samba CVS as of 7-28-99 with LDAP
> the above mentioned call was the one responsible for all my reported
I'm afraid I really can't tell, because I don't have LDAP.
> > The patch I'm proposing removes the seemingly unneeded become_root
> > unbecome_root pair around that call. I have not been able to
> > any new problems from this, and it seems to me that the pair was
> > anyway on the wrong level in the architecture.
> Because the second unbecome_root incorrectly restored root
privliges, I felt it
> was a security issue & rewrote the become/unbecome root pair to push
> user & directory info to a depth of 2, no errors since.
> I reverted smbd/uid.c & applied your patch.
> 1. boot an NT standalone server joined to samba PDC domain
> 2. run user manager for domains
> 3. user/properties
After this the error showed up in my logs for the problem I tried to
solve. Is it possible that your problem is another misplaced
> 4. edit groups
> 5. Add a group that user is not member of
> 6. Informed "Access denied error"
Is this in the samba logs or on the NT side (or both)? I'm getting
told of an RPC error when I try this from W95.
> 7. Logs indicate become/unbecome root error
This is bad, and we should find out where both the become_root calls
are made, shouldn't we?
> 8. Closing & re-opening groups shows user now in additional groups
> is reflected in LDAP DB.
Seemingly there might be more misplaces become_root/unbecome_root in
the RPC code, the LDAP code or the code calling that. If you like, I
can send a debug patch that tracks become_root and we can try to track
down also this problem (through reading logs).
Basically the system is designed so that any wrapping of become_root
around calls to any of our own functions, that is not confident it is
root and also calls become_root, is on the wrong level. Since the
obvious security implications we should conside making become_root
safe against this, but while it is intended as a one level only thing,
it should remain an error.
> so I'm still getting the error in this circumstance.
pgmtekn-micke at algonet.se
More information about the samba-technical