Smbpasswd and setuid

Andrew Bartlett abartlet at pcug.org.au
Fri Oct 19 00:43:07 GMT 2001


The DJ wrote:
> 
> I'm trying to create a GUI utility for Samba functions.
> It is going to be for MacOS X.
> 
> Now to execute commands which require root permissions, Mac OS X allows the
> programmer to bring up a login panel, so the user can temporarily login as
> another user. I tried to make use of smbpasswd in this way, but I ended up
> with this in my programs log:
> 
> smbpasswd must *NOT* be setuid root.
> (so MacOS X makes it temporarily setuid)
> 
> I guess this is a safety precaution in smbpasswd.
> If I were to remove this precaution and let my program use the adapted
> version, would that be a huge security hole I'm creating?
> 
> Is the following the only thing that's preventing me from this?
> Or is there more?

It would be a VERY LARGE security hole.  Samba 2.2.1 and above would
allow execution of arbitrary code in that circumstance, unless you
control your environment variables VERY closely.

Samba isn't written to be setuid, and many parts of it can change in
operation based on environment variables.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Samba Team member, Build Farm maintainer        abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
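
An added example, not part of the original message and not Samba code: a small launcher that refuses to run setuid/setgid and starts a program with an allowlisted environment instead of the caller's, which is one way to "control your environment variables" as the reply advises. The allowlist, the fixed PATH and the names `running_setid` and `build_clean_env` are assumptions made for this sketch; how smbpasswd implements its own check is not shown on the page.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* 1 when real and effective IDs differ, i.e. started via a setuid/setgid bit. */
int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Assumed allowlist for this example: the only variables passed through. */
static const char *const KEEP[] = { "TERM", "LANG", "TZ" };

/* Fill out[] (capacity cap) with a fixed PATH plus allowlisted entries of envp.
 * Returns the entry count, not counting the NULL terminator. */
size_t build_clean_env(char *const envp[], const char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) { if (cap) out[0] = NULL; return 0; }
    out[n++] = "PATH=/usr/bin:/bin";   /* never inherit the caller's PATH */
    for (size_t i = 0; envp && envp[i] && n + 1 < cap; i++) {
        for (size_t k = 0; k < sizeof KEEP / sizeof KEEP[0]; k++) {
            size_t len = strlen(KEEP[k]);
            /* exact name match: "LANG=..." passes, "LANGUAGE=..." does not */
            if (strncmp(envp[i], KEEP[k], len) == 0 && envp[i][len] == '=') {
                out[n++] = envp[i];
                break;
            }
        }
    }
    out[n] = NULL;
    return n;
}

/* Usage: cleanexec /absolute/path/to/program [args...] */
int main(int argc, char *argv[])
{
    const char *env[16];
    if (argc < 2 || argv[1][0] != '/' || running_setid()) {
        fprintf(stderr, "usage: %s /abs/path [args]  (never setuid)\n", argv[0]);
        return 2;
    }
    build_clean_env(environ, env, sizeof env / sizeof env[0]);
    execve(argv[1], argv + 1, (char *const *)env);
    perror("execve");                  /* only reached if execve failed */
    return 127;
}
```

An allowlist is used rather than a blocklist because the set of variables that can alter a program's behaviour is open-ended, while the set a given child actually needs is small.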



