pre2.0.7 "PANIC"; is it quotas?

David Lee T.D.Lee at durham.ac.uk
Mon Feb 7 18:26:54 GMT 2000


On Mon, 7 Feb 100 jeremy at varesearch.com wrote:

> Ok - it looks like the assert checks in lib/util_sec.c are
> failing for your system. I'm glad you caught this one before
> 2.0.7 ship.
> 
> Thse code in quotas.c is doing :
> 
> save_re_uid();
> set_effective_uid(0);
> 
> ... a file open....
> 
> if (failed)  - which it did !
>    restore_re_uid();
> 
> 
> It looks like it is this restore_re_uid() that is failing.
> 
> Now when save_re_uid is called smbd should be running
> as real uid = 0, eff_uid = 420. set_effective_uid should
> just change this to real_uid=0, eff_uid=0, and then restore_re_uid
> should be setting it back to real_uid = 0, eff_uid = 420
> (save_re_uid == save real and effective uid, restore_re_uid
> stands for restore real and effective uid).
> 
> Can you add DEUBG(0) printfs into restore_re_uid()
> n lib/util_sec.c on your system so I can see
> exactly which system calls it is making.
> 
> As I recall, on Solaris it should be using
> setresuid() - which is the most modern version
> of these kinds of cal (as it can set real/effetive/saved
> uids independently and simultaneously).

It is actually using setreuid() (without the middle "s").

Following your suggestion, I have found and fixed the bug.  Although I
would ask you to double-check it of course...

The code in "restore_re_uid()" said:

+ #elif USE_SETREUID
+       setreuid(-1, saved_ruid);
+       setreuid(saved_euid, -1);

and the calls were failing.  I think this ought to be:

+ #elif USE_SETREUID
+       setreuid(-1, saved_euid);
+       setreuid(saved_ruid, -1);

That is, first argument is "real", second is "effective".  This change
seems to fix the problem.

BUT ... Big Disclaimer: I have almost zero experience of programming these
calls, and none about how Samba should be working in this area.  So please
double-/treble-check.  (For example, although the fix seems to work, are
those two lines necessarily in the correct (or optimum? or best?) order?)

Anyway, hope that helps.

> You don't mention which Solaris verion you are running though...

[ For completeness (only): Our servers have been a mixture of 2.5, 2.5.1,
2.6 and 7 .  I have compiled on the lowest (2.5 in the early days, but
more recently 2.6), and simply install those binaries on everything.  It
has worked ... until Samba pre2.0.7 .  But with regard to this particular
incident, my guess is that the version is irrelevant. ]

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :



More information about the samba-technical mailing list