Why is become_root???

Michael Stockman pgmtekn at algonet.se
Tue Aug 17 23:03:42 GMT 1999


I'm working on resolving become_root issues in the RPC code with Doug
VanLeuven. This has raised the question in my mind, why is there such
an obscure, difficult to grip, usafe thing as become_root?

In my mind samba works (should work) like this, based on what I've
1. Samba runs as root
2a. Samba changes to connected user to do something for the client
2b. When authenticating, samba will require access to privileged
information and remains as root, that information is never sent
3. Go back to 1

In the RPC code it seems however as if the chain is:
1. Samba runs as root
2. Samba changes to connected user
3. Samba changes back to root (become_root)
4. Samba becomes user (unbecome_root)
   (step 3 and 4 may repeat)
5. Go back to 1

Howcome we have to become root? Isn't the point of being the connected
user that it won't be able to access restricted information? Does
samba have a proprietary security model around the RPC information? If
so, is it that everyone have access to anything any RPC give away? And
if so, should samba really give away more than you (might) have access
to on the UNIX side?

Could anyone please answer these questions so that my faith in
become_root is restored and I don't remove every call to them (which
would ultimately solve the become_root problem)?

Best regards
  Michael Stockman
  pgmtekn-micke at algonet.se

More information about the samba-technical mailing list