Should samba become_root() before calling panic action?

MCCALL,DON (HP-USA,ex1) don_mccall at
Tue Apr 8 18:39:53 GMT 2003

Might it be better to leave this to the panic script itself; ie
require a 'su' to root in the panic script to ensure that it run as
root to do the gdb backtrace???
Not completely secure either, but putting responsibility into the *ux
admin's hands might be safer than preempting that choice in our code...
hope this helps,

> -----Original Message-----
> From: Steve Langasek [mailto:vorlon at]
> Sent: Tuesday, April 08, 2003 14:29
> To: samba-technical at
> Subject: Should samba become_root() before calling panic action?
> Hello,
> The printing problems in 3.0 alpha23 have also brought to light a
> lower-priority issue within Samba's panic action handling.  I have a
> panic action script for Debian which is configured to 
> automatically mail
> the admin a backtrace if gdb is installed.  However, with the 
> latest bug
> we're seeing an empty backtrace instead, and I believe this is because
> the spawned gdb process doesn't have permission to ptrace the smbd
> process, due to the crash occurring in a part of the code where Samba
> has assumed the user's uid.
> This could be fixed by calling become_root() before invoking the panic
> action script.  Do people think that would be reasonable?  It does
> represent a marginal security risk; even if the Samba code is 
> completely
> bug-free, if a local admin has configured a bad panic action, a user
> could kill -SEGV his own Samba process to trigger running a 
> potentially
> damaging script as root.  OTOH, being able to get instant 
> backtraces is
> definitely a debugging boon.
> Anyone feel strongly about this?
> Regards,
> -- 
> Steve Langasek
> postmodern programmer

More information about the samba-technical mailing list