se-samba - a possible way to get round no seteuid
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Wed Jun 9 10:03:45 GMT 2004

i'm just investigating exim4 to put in some hacks to make it
possible to transition between different executables.

exim4 does a lot of execve'ing about, but it's always to the
same executable name (i.e. /usr/sbin/exim4).

russell's idea is to make exim4 execve to different executable
names, and then a different context can be associated with each.

then, a set of capabilities can be associated with each executable,
which will of course do a straight execve to /usr/sbin/exim4 -
taking the new context with it.

it occurred to me that a similar approach could be taken with samba.

instead of doing a seteuid back to root, you do an execve to
an executable named samba-root.

or, in the main loop, you do an execve() to an executable named
smbd-child, and then do a setuid, and when you're done, you do
an execve back to smbd.

it's a hell of a lot simpler approach than messing about with
proxying and a darn sight simpler than doing a rewrite of samba
to do user-space checking.

and you could potentially just leave this approach compiled in
by default, and, like with exim4, just symbolic link
/usr/sbin/smbd-child to /usr/sbin/smbd for non-selinux systems.

expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
http://lkcl.net
lkcl at lkcl.net