Become_root depth is nonzero

Michael Stockman pgmtekn at algonet.se
Mon Aug 9 05:21:00 GMT 1999


Hello,

> Michael Stockman wrote:
>
> > Hello,
> >
> > After starting to use usrmgr yesterday I noticed a problem with
> > nonzero root depth. This occurs in rpc_server/srv_lookup.c and I
> > believe it is caused by a call to lookup_name in make_dom_gids being
> > wrapped in become_root. Since all privileged calls from lookup_name
> > and its descendants also are wrapped, the error occurs when we get to
> > them.
>
> I researched & posted on this a while back.  On my system
> Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14,
> samba CVS as of 7-28-99  with LDAP
> the above mentioned call was the one responsible for all my reported errors.
>

I'm afraid I really can't tell, because I don't have LDAP.

> > The patch I'm proposing removes the seemingly unneeded become_root /
> > unbecome_root pair around that call. I have not been able to detect
> > any new problems from this, and it seems to me that the pair was
> > anyway on the wrong level in the architecture.
>
> Because the second unbecome_root incorrectly restored root privileges, I felt it
> was a security issue & rewrote the become/unbecome root pair to push & pop
> user & directory info to a depth of 2, no errors since.
>
> I reverted smbd/uid.c & applied your patch.
> 1. boot an NT standalone server joined to samba PDC domain
> 2. run user manager for domains
> 3. user/properties

After this the error showed up in my logs for the problem I tried to
solve. Is it possible that your problem is another misplaced
become_root?

> 4. edit groups
> 5. Add a group that user is not member of
> 6. Informed "Access denied error"

Is this in the samba logs or on the NT side (or both)? I'm getting
told of an RPC error when I try this from W95.

> 7. Logs indicate become/unbecome root error

This is bad, and we should find out where both the become_root calls
are made, shouldn't we?

> 8. Closing & re-opening groups shows user now in additional groups and
>     is reflected in LDAP DB.

Seemingly there might be more misplaced become_root/unbecome_root in
the RPC code, the LDAP code or the code calling that. If you like, I
can send a debug patch that tracks become_root and we can try to track
down also this problem (through reading logs).

Basically the system is designed so that any wrapping of become_root
around calls to any of our own functions, that is not confident it is
root and also calls become_root, is on the wrong level. Because of the
obvious security implications we should consider making become_root
safe against this, but while it is intended as a one level only thing,
it should remain an error.

> so I'm still getting the error in this circumstance.

Best regards
  Michael Stockman
  pgmtekn-micke at algonet.se
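
The nesting failure discussed in this thread, as an added example that is not part of the original message and is not Samba's smbd/uid.c code: a simplified C model with a simulated uid (no real setuid calls) showing how a one-slot become_root/unbecome_root pair leaves root in effect when nested, beside a guarded one-level variant that reports the nesting and keeps the saved uid. The `priv_state` struct and all function names are hypothetical.

```c
#include <stdio.h>
/* Simplified model (assumption): euid is simulated, no setuid calls are made. */
typedef struct {
    int euid;      /* simulated effective uid */
    int saved_uid; /* single save slot, as in a one-level design */
    int depth;     /* become_root nesting depth */
    int errors;    /* number of depth violations reported */
} priv_state;

/* Naive one-slot pair: a nested call overwrites saved_uid with 0. */
static void naive_become_root(priv_state *s) { s->saved_uid = s->euid; s->euid = 0; }
static void naive_unbecome_root(priv_state *s) { s->euid = s->saved_uid; }

/* Guarded pair: nesting stays an error, and the saved uid is not clobbered. */
static int guarded_become_root(priv_state *s) {
    if (s->depth != 0) { s->errors++; return -1; }  /* refuse to nest */
    s->saved_uid = s->euid; s->euid = 0; s->depth = 1;
    return 0;
}
static int guarded_unbecome_root(priv_state *s) {
    if (s->depth != 1) { s->errors++; return -1; }  /* unmatched call */
    s->euid = s->saved_uid; s->depth = 0;
    return 0;
}
/* Caller wraps a callee that also wraps its own privileged work. */
int run_nested_naive(int uid) {
    priv_state s = { uid, -1, 0, 0 };
    naive_become_root(&s);   /* outer wrapper in the caller */
    naive_become_root(&s);   /* inner wrapper in the callee */
    naive_unbecome_root(&s); /* inner restore: "restores" uid 0 */
    naive_unbecome_root(&s); /* outer restore: still uid 0 */
    return s.euid;           /* uid left in effect afterwards */
}
int run_nested_guarded(int uid, int *errors) {
    priv_state s = { uid, -1, 0, 0 };
    guarded_become_root(&s);
    if (guarded_become_root(&s) == 0)  /* inner pair unwinds only if it was entered */
        guarded_unbecome_root(&s);
    guarded_unbecome_root(&s);
    *errors = s.errors;
    return s.euid;
}

int main(void) {
    int errors = 0, euid = run_nested_guarded(1000, &errors);
    printf("naive: euid=%d\n", run_nested_naive(1000));
    printf("guarded: euid=%d errors=%d\n", euid, errors);
    return 0;
}
```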




