smbpasswd and euid detection

Craig Kelley ink at
Thu Jan 2 20:28:00 GMT 2003

On Thu, 2 Jan 2003, Steve Langasek wrote:

> On Thu, Jan 02, 2003 at 10:47:32AM -0700, Craig Kelley wrote:
> > For some time now, I've been patching smbpasswd to get rid of the 
> > effective UID "detection" that it does.  In 2.2.7a it simply tests if the 
> > effective UID differs from the real UID, and if the effective UID is 
> > 'root' then it bails:
> >    /* Check the effective uid - make sure we are not setuid */
> >    if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0))
> > This test will bail out if smbpasswd isn't suid 0, but the process that
> > calls it is (eg, a utility agent for changing passwords and such).  I've 
> > made a preliminary diff to actually stat() the executable to determine if 
> > it is suid 0:
> Why does your suid application not either assume full root privileges, or
> drop all such privileges, before exec()ing smbpasswd?

Hi Steve,

I've considered that, but thought of it more as treating the symptom 
instead of the cause.  A better question may be, why even check for suid?  
Why should smbpasswd even care if it's running with effective privileges?  
The naive may confuse it with the UNIX passwd program, which is suid root 
on some systems, but those with that much knowledge surely understand the 
ramifications of giving superuser privileges to an executable.

I can't recall any other userland tool that I've used checking for 
effective = real root privileges (well, I suppose perl is able to, but 
that behavior can be disabled).  I know that in the 1.x days, it didn't 
check until a certain version in which it was turned on; probably for 
security reasons (?)

Craig Kelley  -- kellcrai at
Turn In Your Neighbor Today! finger ink at for PGP block

More information about the samba-technical mailing list