se-samba - a possible way to get round no seteuid

[Luke Kenneth Casson Leighton]

i'm just investigating exim4 to put in some hacks to make it
possible to transition between different executables.

exim4 does a lot of execve'ing about, but it's always to the
same executable name (i.e. /usr/sbin/exim4).

russell's idea is to make exim4 execve to different executable
names, and then a different context can be associated with each
purpose.

then, a set of capabilities can be associated with each executable,
which will of course do a straight execve to /usr/sbin/exim4 -
taking the new context with it.

it occurred to me that a similar approach could be taken with samba.

instead of doing a seteuid back to root, you do an execve to
an executable named samba-root.

or, in the main loop, you do an execve() to an executable named
smbd-child, and then do a setuid, and when you're done, you do
an execve back to smbd.

it's a hell of a lot simpler approach than messing about with
proxying and a darn site simpler than doing a rewrite of samba
to do user-space checking.

and you could potentially just leave this approach compiled in
by default, and, like with exim4, just symbolic link 
/usr/sbin/smbd-child to /usr/sbin/smbd for non-selinux systems.

l.

-- 
-- 
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl at lkcl.net"> lkcl at lkcl.net </a> <br />