se-samba - a possible way to get round no seteuid
Russell Coker
russell at coker.com.au
Fri Jun 11 03:56:08 GMT 2004
On Fri, 11 Jun 2004 06:13, Luke Kenneth Casson Leighton <lkcl at lkcl.net> wrote:
> > > instead of doing a seteuid back to root, you do an execve to
> > > an executable named samba-root.
> >
> > That doesn't work. There are more possible UIDs than the root file
> > system may have Inodes...
>
> ? i am confused. by execve'ing back to a context, shall we call it
> smbd_as_root_t, what connection does that have to UIDs?
The idea for Exim is that you have a set of wrapper binaries already there on
disk. If a particular installation of Exim doesn't use one of the ~6
wrappers that are installed then it's only a waste of 4K of disk space.
If we do the same mechanism for each UID then we have many more executables,
or we have to allow the daemon to create new executables which also adds more
coding.
> ah, remember that you can have several UIDs over the same TCP
> connection (and multiple SMBsessionsetupX's to represent each
> and you get these SMB-MIDs - multiplexing ids - to represent
> each SMB session over the same TCP session),
[...]
> i thought that instead of having the seteuid and back to root,
> you could execve back to the "smbd_as_root_t context".
True, but re-execing requires serialising all the data to a file, shared
memory region, or something else that will survive past an exec. That's pain
that we don't want to go through any more often than is necessary.
> - smbd_the_daemon (waiting for connections)
>
> ... which transitions on a fork to...
>
> - smbd_as_root_t (dealing with "connections")
>
> ... which can transition to ...
How about just smbd_the_daemon which can transition to smbd_as_a_user?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the samba-technical
mailing list