Should samba become_root() before calling panic action?

Steve Langasek vorlon at netexpress.net
Tue Apr 8 18:29:27 GMT 2003


Hello,

The printing problems in 3.0 alpha23 have also brought to light a
lower-priority issue within Samba's panic action handling.  I have a
panic action script for Debian which is configured to automatically mail
the admin a backtrace if gdb is installed.  However, with the latest bug
we're seeing an empty backtrace instead, and I believe this is because
the spawned gdb process doesn't have permission to ptrace the smbd
process, due to the crash occurring in a part of the code where Samba
has assumed the user's uid.

This could be fixed by calling become_root() before invoking the panic
action script.  Do people think that would be reasonable?  It does
represent a marginal security risk; even if the Samba code is completely
bug-free, if a local admin has configured a bad panic action, a user
could kill -SEGV his own Samba process to trigger running a potentially
damaging script as root.  OTOH, being able to get instant backtraces is
definitely a debugging boon.

Anyone feel strongly about this?

Regards,
-- 
Steve Langasek
postmodern programmer
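
Added example, not part of the original post and not Samba source code: one partial mitigation for the risk raised above is to vet the configured panic action before running it with root privileges. The helper name panic_action_trusted() and its trusted_uid parameter are hypothetical; the check assumes the first word of the panic action is the program to run.

```c
/* Added example (not Samba source): vet a panic action before it is
 * run with elevated privileges. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. cmdline is the configured panic action, e.g.
 * "/path/to/script %d"; trusted_uid is the only owner accepted (0 in
 * production). Returns 1 if the program may be run, 0 otherwise. */
int panic_action_trusted(const char *cmdline, uid_t trusted_uid)
{
    char path[PATH_MAX];
    struct stat st;
    size_t len;
    int fd, ok;

    if (cmdline == NULL)
        return 0;
    cmdline += strspn(cmdline, " \t");      /* skip leading blanks */
    len = strcspn(cmdline, " \t");          /* first word = program */
    if (len == 0 || len >= sizeof(path) || cmdline[0] != '/')
        return 0;                           /* no PATH lookups as root */
    memcpy(path, cmdline, len);
    path[len] = '\0';

    /* open + fstat so the checks apply to the object actually opened;
     * O_NOFOLLOW rejects a symlink as the final path component. */
    fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;
    ok = fstat(fd, &st) == 0
        && S_ISREG(st.st_mode)
        && st.st_uid == trusted_uid                 /* trusted owner only */
        && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0  /* no group/other write */
        && (st.st_mode & S_IXUSR) != 0;             /* owner can execute */
    close(fd);
    return ok;
}
```

The check covers only the program file itself; it does not inspect parent directories or what the script does once it runs.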