se-samba - a possible way to get round no seteuid

Luke Kenneth Casson Leighton lkcl at
Wed Jun 9 10:03:45 GMT 2004

i'm just investigating exim4 to put in some hacks to make it
possible to transition between different executables.

exim4 does a lot of execve'ing about, but it's always to the
same executable name (i.e. /usr/sbin/exim4).

russell's idea is to make exim4 execve to different executable
names, and then a different context can be associated with each

then, a set of capabilities can be associated with each executable,
which will of course do a straight execve to /usr/sbin/exim4 -
taking the new context with it.

it occurred to me that a similar approach could be taken with samba.

instead of doing a seteuid back to root, you do an execve to
an executable named samba-root.

or, in the main loop, you do an execve() to an executable named
smbd-child, and then do a setuid, and when you're done, you do
an execve back to smbd.

it's a hell of a lot simpler approach than messing about with
proxying and a darn site simpler than doing a rewrite of samba
to do user-space checking.

and you could potentially just leave this approach compiled in
by default, and, like with exim4, just symbolic link 
/usr/sbin/smbd-child to /usr/sbin/smbd for non-selinux systems.


expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
<a href="">      </a> <br />
<a href="mailto:lkcl at"> lkcl at </a> <br />

More information about the samba-technical mailing list