become_root, unbecome root errors
Douglas VanLeuven
roamdad at ibm.net
Fri Jul 2 23:40:31 GMT 1999
Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14,
samba CVS as of 6-24-99
In the logs:
[1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370)
ERROR: become root depth is non zero
[1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392)
ERROR: unbecome root depth is 0
I realize it's just a nested become/unbecome pair that starts
as user nobody.
The problem is the 2nd call to become_root overwrites
the saved nobody data with root information and the
last (2nd) unbecome_root restores root info when it
should be nobody, leaving the process in running
as root.
Is this a potential security hole? It has that feel.
Should the saved user data be pushed & popped?
I pared passwd, group, & smbpasswd down to
one addit user with one addit group so I don't
think it's a configuration problem.
Our MS PDC crashes several times a day, so I
really want to replace it, but I need to resolve
this before I can go production.
I traced the sequence of calls that lead to the nested call.
file : rpc_server/srv_lookup.c
int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids)
85 become_root(True);
86 status = lookup_name(name, &sid, &type);
87 unbecome_root(True);
uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type)
579 status = (status != 0x0) ? lookup_user_name (user, domain, si
file : rpc_server/srv_lookup.c
static uint32 lookup_user_name(const char *name, const char *domain,
560 status = (status != 0x0) ? lookup_added_user_name(name, domain,
static uint32 lookup_added_user_name(const char *nt_name, const char
518 /* find the user account */
519 become_root(True);
520 sam_pass = getsam21pwntnam(nt_name);
521 unbecome_root(True);
--
Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax)
Programmer/Analyst, SCWA : doug at scwa.ca.gov
Chief Engineer, USMM : roamdad at ibm.net
More information about the samba-technical
mailing list