Gencache fails to open gencache.tdb

Andrew Bartlett abartlet at samba.org
Thu Feb 6 06:46:46 GMT 2003


On Thu, 2003-02-06 at 10:10, Tim Potter wrote:
> On Thu, Feb 06, 2003 at 12:06:04AM +0100, Rafal Szczesniak wrote:
> 
> > > Attached patch can be seen as proposal to discuss behavior of gencache in
> > > case when it is used in applications running under non-priviledged
> > > accounts so that O_RDWR|O_CREAT always fails against system-wide
> > > lock_path("gencache.tdb") (which is usually created by smbd/nmbd).
> > > 
> > > The patch adds error resistence and tries to re-open gencache.tdb in
> > > O_RDONLY mode if O_RDWR|O_CREAT failed. This allows the application to use
> > > existing entries but forbids cache updates.
> > 
> > I understand your idea, but it's useful only when another root-privileged
> > process is able to update the cache contents (like parent process ?).
> > Otherwise, only per-user cache makes sense when it comes to being useful.
> 
> It is actually slightly useful.  If you are a user process running on a
> Samba server, then you can share the up to date cache data that is
> generated by smbd and nmbd.  You're right though in the fact that you
> can't update it or expire old entries.
> 
> I still think it's useful though.

One of the problems is that gencache can be used to store all sorts of
information.  For example I want to move netlogon_unigroup.tdb into it,
and possibly more sensitive information in future.

My worry is that we could leak information this way.  I'm also told that
there could be issues with the ability to 'block' smbd with byte-range
read-locking on that database.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030206/64021ef7/attachment.bin


More information about the samba-technical mailing list