Should samba become_root() before calling panic action?

Steve Langasek vorlon at netexpress.net
Wed Apr 9 18:18:37 GMT 2003


On Wed, Apr 09, 2003 at 09:33:30AM +1000, Andrew Bartlett wrote:
> On Wed, 2003-04-09 at 04:39, MCCALL,DON (HP-USA,ex1) wrote:
> > Might it be better to leave this to the panic script itself; ie
> > require a 'su' to root in the panic script to ensure that it run as
> > root to do the gdb backtrace???
> > Not completely secure either, but putting responsibility into the *ux
> > admin's hands might be safer than preempting that choice in our code...
> > hope this helps,
> > Don

> Well, the script would run with the same privileges as smbd - that is,
> the right to regain root - so it would just be a small matter of
> adjusting the effective uid back again.

On most systems I'm familiar with, the euid is not saved across the
exec() boundary.  So you can only run the panic action with root privs if
the calling process's real uid (not just the effective uid) is 0.

> We might as well do it ourselves - just watch the linking stuff -
> smb_panic() isn't only smbd I think...

True.  I seem to recall some other reason why I found it would be
beneficial to provide {un,}become_root() dummy functions for apps that
don't run with true root privs.

Cheers,
-- 
Steve Langasek
postmodern programmer
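
The uid rule this reply turns on, modeled as an added example (not code from the post or from Samba): when a program without the set-user-ID bit is exec'd, POSIX keeps the real and effective uid and overwrites the saved set-user-ID with the effective uid. The struct, the function names and uid 1000 are assumptions for illustration, and "privileged" is simplified to effective uid 0.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of a process's three user IDs (hypothetical struct, not Samba's). */
struct creds { unsigned real, eff, saved; };

/* exec() of a program without the set-user-ID bit: real and effective uid
 * carry over, the saved set-user-ID becomes a copy of the effective uid. */
static struct creds after_exec(struct creds c)
{
    c.saved = c.eff;
    return c;
}

/* POSIX seteuid() rule: an unprivileged process may switch its effective
 * uid only to its real uid or its saved set-user-ID. */
static bool can_seteuid(struct creds c, unsigned target)
{
    return c.eff == 0 || target == c.real || target == c.saved;
}

/* Could a panic script exec'd from this state get back to root? */
static bool panic_script_can_be_root(struct creds caller)
{
    return can_seteuid(after_exec(caller), 0);
}

int main(void)
{
    /* Constructed sample states; uid 1000 stands for the connected user. */
    struct creds saved_only = { 1000, 1000, 0 }; /* root kept only in saved uid */
    struct creds real_root  = { 0, 1000, 0 };    /* real uid still 0 */
    struct creds eff_root   = { 0, 0, 0 };       /* effective uid 0 at exec time */

    printf("saved-only, before exec: %d\n", can_seteuid(saved_only, 0));
    printf("saved-only, in script:   %d\n", panic_script_can_be_root(saved_only));
    printf("real uid 0, in script:   %d\n", panic_script_can_be_root(real_root));
    printf("euid 0, in script:       %d\n", panic_script_can_be_root(eff_root));
    return 0;
}
```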