[samba-tng] msrpc status

Andrew Tridgell tridge at linuxcare.com
Thu Dec 16 14:23:22 GMT 1999


> a) don't fork, have a socket array.  on each incoming packet, you will
> need to do a become_user() for security reasons before processing the
> function call.  you don't want anonymous users to either run as the
> previous arbitrary user or as root.

as I've mentioned before, this "for security reasons" is a very thin
and misleading veil. 

> d) remove all msrpc processing from smbd.  this requires a mini-API to be
> created.  split instead of at the smb/msrpc pdu point, just feed
> any-data-identified-as-msrpc-related out of smbd to, say, a unix socket.

that is my preferred option.

> 2) msrpc loop-back interface, aka "ncalrpc" in dce/rpc terminology.

> /tmp/.msrpc 0777
> /tmp/.msrpc/PIPE_name 0770 (or any other permissions)
> /tmp/.msrpc/PIPE_name/socket 1777 - this is the actual unix socket.

first off, it should be in /usr/local/samba/var (or equivalent) not
/tmp. Secondly, it should be permission 0600 and be a single level
(ie. no directory at all).

As far as I can see there is absolutely no need for anyone except root
to open these pipes. They would be opened only when a smbd is
created. The close is implicit as part of the smbd exit.

This is all part of the "you do not need to run msrpc as non-root"
argument that I have been giving all along. Maybe it will sink in some
day :)

> like smb-agent, this manages smb connections.  it records the credentials
> of incoming connections, and allows for "reuse" of connections between
> clients and servers.  this can be used to reduce the number of connections
> (and therefore the number of processes) to one per set of user
> credentials.
> 
> it's got potential.

it's only got potential to be removed. Please drop it, it has all the
same nasty problems as nmb-agent plus more.

> 3) rewrite or replace smbpasswd with code in rpcclient.  everything that
> smbpasswd currently does: do it with rpcclient, instead.  maybe keep
> smbpasswd around for backwards-compatibility or in case you want to manage
> smbpasswd files off-line whilst smbd and samrd are not running.

nope. This is just extra-work where it isn't required. smbpasswd
works. It doesn't depend on the rpc code. It works against all Samba
servers, even those that don't have rpc (like all the production Samba
servers in the world today).

changing it gains us precisely nothing and loses us a lot!


