Should samba become_root() before calling panic action?

Steve Langasek vorlon at
Tue Apr 8 18:29:27 GMT 2003


The printing problems in 3.0 alpha23 have also brought to light a
lower-priority issue within Samba's panic action handling.  I have a
panic action script for Debian which is configured to automatically mail
the admin a backtrace if gdb is installed.  However, with the latest bug
we're seeing an empty backtrace instead, and I believe this is because
the spawned gdb process doesn't have permission to ptrace the smbd
process, due to the crash occurring in a part of the code where Samba
has assumed the user's uid.

This could be fixed by calling become_root() before invoking the panic
action script.  Do people think that would be reasonable?  It does
represent a marginal security risk; even if the Samba code is completely
bug-free, if a local admin has configured a bad panic action, a user
could kill -SEGV his own Samba process to trigger running a potentially
damaging script as root.  OTOH, being able to get instant backtraces is
definitely a debugging boon.

Anyone feel strongly about this?

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list