BUG: Incompatibility between Samba & Secure kernels (fwd)
David Collier-Brown
davecb at canada.sun.com
Thu Jul 5 14:04:26 GMT 2001
Xavier ROCHE <roche at serianet.com> wrote:
> Once security disabled in the SECURITY section, everything seems to work
> fine (no errors in the logs). I didn' have yet found exacly which
> security option is causing this mess, but I can try to compile several
> kernel releases and try to activate each option at time.
>
> Is there a way to specify an option in smb.conf to disable shared memory,
> or to disable shared memory automatically when secured kernels are being
> used?
>
I find this problem puzzling: I'm more familiar
with formal security such as the Orange Book set
(I run Trusted Solaris on a machine at home), and
wonder why a security kernel would have to be turned
entirely off to reenable mmap... The README
implies taht uoi only need to turn off the
mmap-destroyer.
On the other hand, Samba's behavior on failure
is a bit frightening (:-)) In tdb_mmap() intdb.c,
we return NULL to the callers, but the callers
behave differently...
Functions calling this function: tdb_mmap
File Function Line
1 tdb.c tdb_oob 209 tdb->map_ptr = tdb_mmap(tdb->map_size,
tdb->read_only,tdb->fd);
2 tdb.c tdb_expand 465 tdb->map_ptr = tdb_mmap(tdb->map_size, 0,
tdb->fd);
3 tdb.c tdb_open 1139 tdb.map_ptr = tdb_mmap(st.st_size,
tdb.read_only,
tdb.fd);
tdb_oob() and tdb_expand() just stuff the null into tdb->map_ptr,
and tdb_open() returns a pointer to the null. None of the three
check for failure, although they have code to check for other
failures. This is arguably A Bad Thing.
I tentatively reccomend:
--- tdb.c Thu Apr 19 08:47:24 2001
+++ tdb.c.new Thu Jul 5 10:01:56 2001
@@ -1136,7 +1136,8 @@
tdb.locked = calloc(tdb.header.hash_size+1,
sizeof(tdb.locked[0]));
if (!tdb.locked) goto fail;
if (!(tdb.flags & TDB_NOMMAP))
- tdb.map_ptr = tdb_mmap(st.st_size, tdb.read_only,
tdb.fd);
+ if ((tdb.map_ptr = tdb_mmap(st.st_size, tdb.read_only,
tdb.fd)) == NULL)
+ goto fail;
if (locked) {
tdb_clear_spinlocks(&tdb);
tdb_brlock(&tdb, ACTIVE_LOCK, F_UNLCK, F_SETLK);
--dave
> --
> Xavier Roche
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
--
David Collier-Brown, | Always do right. This will gratify
Performance & Engineering Team | some people and astonish the rest.
Americas Customer Engineering | -- Mark Twain
(905) 415-2849 | davecb at canada.sun.com
More information about the samba-technical
mailing list