SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts

tridge at linuxcare.com tridge at linuxcare.com
Wed Feb 9 21:02:26 GMT 2000


> andrew, if i wasn't keeping --- just like there is in smbd --- a
> _direct_ one-to-one mapping between unix security context and the
> what-is-considered-to-be-a-nonexistent-security-model, i would agree
> with you.

keeping a 1-1 mapping doesn't help. All that means is you are using
the unix kernel as a storage place for 1 global variable. That global
variable (the euid) has nothing to do with the meaning you are giving
it in msrpcd. Imagine someone who stored the day of the week in the
euid - you could do it by using seteuid() and geteuid(), but it would
be a very bad thing to do.

on several occasions you said you don't want to implement a security
system in msrpcd, you want to use the unix uid system to do that. The
problem is that the unix security system knows nothing about the
objects you re protecting, so it doesn't protect them. So right now
you have no protection. I think it is better to either make it clear
in the code that there is no msrpc security system or implement one -
using the unix security system in this way just gives a false sense of
security. 

Cheers, Tridge

PS: Jeremy says hi :)



More information about the samba-technical mailing list