VB: become_root remove patches (head)
pgmtekn at algonet.se
Wed Aug 18 20:38:12 GMT 1999
> > Michael Stockman wrote:
> > >
> > > Hello,
> > >
> > > Here are the patches that eliminates every call to become_root
> > from
> > > samba (head). The function definition is not removed.
> > >
> > > They should be applied to locking/shmem_sysv.c
> > > rpc_server/srv_samr.c rpc_server/srv_netlog.c
> > > rpc_server/srv_lookup.c smbd/password.c smbd/dosmode.c
> > > smbd/chgpasswd.c.
> > >
> > > I haven't tried fixing any problems this might cause (please do
> > > while I make some patches for the 2.0.X branch:-). I should have
> > > time for that tonight.
> > Why are you wanting to remove become_root() from 2.0.x ?
> Actually I could hardly care less for 2.0.X. However lkcl (according
> to my interpretation) asked for it in a previous mail.
> There is also a debate over here about whether if become_root would
> ever would be needed in a good design. A side note is that samba is
> taking heavy damage in that debate and I'm having a hard time
> defending it.
> Still, I did ask for specific reasons why become_root exists and how
> samba changes uid during run-time. The contest is still open (sorry
> prize :-). Well, actually you could win some respect for finally
> caring about this.
> > This function is needed in many places to take on root
> > authority whilst doing something and then call unbecome_root()
> > to relinquish it again (eg. scanning the smbpasswd file).
> This function is seriously missused (in head branch) to bypass unix
> filesystem security. Samba is evidently giving out information that
> the user doesn't have access to (through becoming root in the RPC
> stuff). I suppose we all agree that samba must never send
> obtained whilst being root, rather than the user, to the client.
> > What have you replaced this functionality with ?
> As I wrote, nothing.
> If I'm correct in my assumption that samba runs as root most of the
> time and only changes down to perform services for the user, I
> to believe that both a become_user and become_root system is really
> necessary. If I'm wrong, please say so and we can discuss matters
> > become_root() got broken somewhat in HEAD due to some
> > careless changes in the authentication code. It works
> > correctly in 2.0.x as far as I know.
> That is quite possible, why hasn't it been fixed? I know head isn't
> considered stable, but I can see no reason what so ever that we
> save known errors in it (especially not security sensitive such).
> Best regards
> Michael Stockman
> pgmtekn-micke at algonet.se
More information about the samba-technical