Should samba become_root() before calling panic action?

Andrew Bartlett abartlet at
Tue Apr 8 23:30:30 GMT 2003

On Wed, 2003-04-09 at 04:29, Steve Langasek wrote:
> Hello,
> The printing problems in 3.0 alpha23 have also brought to light a
> lower-priority issue within Samba's panic action handling.  I have a
> panic action script for Debian which is configured to automatically mail
> the admin a backtrace if gdb is installed.  However, with the latest bug
> we're seeing an empty backtrace instead, and I believe this is because
> the spawned gdb process doesn't have permission to ptrace the smbd
> process, due to the crash occurring in a part of the code where Samba
> has assumed the user's uid.
> This could be fixed by calling become_root() before invoking the panic
> action script.  Do people think that would be reasonable?  It does
> represent a marginal security risk; even if the Samba code is completely
> bug-free, if a local admin has configured a bad panic action, a user
> could kill -SEGV his own Samba process to trigger running a potentially
> damaging script as root.  OTOH, being able to get instant backtraces is
> definitely a debugging boon.

If a user can kill an smbd then we have much bigger problems!

Can a user kill an smbd, that always has a real uid of root, and an euid
of user?

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list