[BUG] What if somebody uses our PROF_SHMEM_KEY?
Andrew Bartlett
abartlet at pcug.org.au
Fri Sep 7 04:06:02 GMT 2001
Andrew Bartlett wrote:
>
> I'm a little worried about what happens if somebody else uses the same
> shared memory key as samba: From what I have seen, if somebody else (in
> particular an unprivileged user) creates a SHM segment with the correct
> key they can prevent any SMBD from starting on the system.
>
> This is because we check that root created the shm segment before we use
> it.
>
> With the recent changes to always build create the profiling shared
> memory area - and the dropping of the root-ownership check, I'm a little
> worried about the implications if we overwrite another process's data.
> (I have a patch to restore this check, in the form of
> sec_initial_uid()).
This is the patch I refer to, but there is more to this problem than
this...
Index: profile/profile.c
===================================================================
RCS file: /data/cvs/samba/source/profile/profile.c,v
retrieving revision 1.12
diff -u -r1.12 profile.c
--- profile/profile.c 18 Jul 2001 01:13:16 -0000 1.12
+++ profile/profile.c 7 Sep 2001 10:55:27 -0000
@@ -130,12 +130,10 @@
return False;
}
-#if 0
- if (shm_ds.shm_perm.cuid != 0 || shm_ds.shm_perm.cgid != 0) {
- DEBUG(0,("ERROR: root did not create the shmem\n"));
+ if (shm_ds.shm_perm.cuid != sec_initial_uid() || shm_ds.shm_perm.cgid
!= sec_initial_gid()) {
+ DEBUG(0,("ERROR: we did not create the shmem (owned by another
user)\n"));
return False;
}
-#endif
if (shm_ds.shm_segsz != sizeof(*profile_h)) {
DEBUG(0,("WARNING: profile size is %d (expected %d). Deleting\n",
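Review bot: the new DEBUG(0, ...) on the mismatch branch does not report who created the segment. Since that branch returns False, and a segment created by another user under the same key will hit it on every start, print shm_ds.shm_perm.cuid and shm_ds.shm_perm.cgid next to the expected sec_initial_uid() and sec_initial_gid() values so an administrator can find and remove the foreign segment. The check itself only refuses to use such a segment; the failure to start that the quoted message describes is still there, as the post itself says. Separately, the two added lines are wrapped by the mailer (the condition and the DEBUG string each continue on a second line without a leading "+"), so the patch will not apply as posted and should be resent as an attachment.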
--
Andrew Bartlett abartlet at pcug.org.au
Samba Team member, Build Farm maintainer abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
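The creator check discussed in this message, written out as a stand-alone C example. It is added here, not part of the original post and not Samba's profile.c; the function names, the key and the 4096-byte size are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not Samba's profile.c. */
enum seg_verdict { SEG_OK = 0, SEG_FOREIGN_CREATOR, SEG_WRONG_SIZE };

/* Decide from IPC_STAT data alone whether a segment may be used. */
static enum seg_verdict check_segment(const struct shmid_ds *ds,
                                      uid_t want_uid, gid_t want_gid,
                                      size_t want_size)
{
    /* cuid/cgid are recorded by the kernel at creation and cannot be
       changed with IPC_SET, unlike the owner uid/gid. */
    if (ds->shm_perm.cuid != want_uid || ds->shm_perm.cgid != want_gid)
        return SEG_FOREIGN_CREATOR;
    if ((size_t)ds->shm_segsz != want_size)
        return SEG_WRONG_SIZE;
    return SEG_OK;
}

/* Look up an existing segment by key; attach only if it passes the check. */
static void *attach_checked(key_t key, size_t size, uid_t uid, gid_t gid)
{
    struct shmid_ds ds;
    int id = shmget(key, 0, 0);   /* size 0, no IPC_CREAT: lookup only */

    if (id == -1 || shmctl(id, IPC_STAT, &ds) == -1)
        return NULL;
    if (check_segment(&ds, uid, gid, size) != SEG_OK)
        return NULL;              /* never map or write a foreign segment */
    void *p = shmat(id, NULL, 0);
    return p == (void *)-1 ? NULL : p;
}

int main(void)
{
    /* 0x5AFE0001 is a constructed key, not Samba's PROF_SHMEM_KEY. */
    void *p = attach_checked((key_t)0x5AFE0001, 4096, geteuid(), getegid());
    puts(p ? "attached" : "refused or no such segment");
    if (p) shmdt(p);
    return 0;
}
```

Refusing a foreign segment keeps the process from overwriting another program's data, but a segment that someone else created first under the same key still blocks use of that key.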