se-samba - a possible way to get round no seteuid

[Russell Coker]

On Fri, 11 Jun 2004 06:13, Luke Kenneth Casson Leighton <lkcl at lkcl.net> wrote:
> > > instead of doing a seteuid back to root, you do an execve to
> > > an executable named samba-root.
> >
> > That doesn't work.  There are more possible UIDs than the root file
> > system may have Inodes...
>
>  ? i am confused.  by execve'ing back to a context, shall we call it
>  smbd_as_root_t, what connection does that have to UIDs?

The idea for Exim is that you have a set of wrapper binaries already there on 
disk.  If a particular installation of Exim doesn't use one of the ~6 
wrappers that are installed then it's only a waste of 4K of disk space.

If we do the same mechanism for each UID then we have many more executables, 
or we have to allow the daemon to create new executables which also adds more 
coding.

>  ah, remember that you can have several UIDs over the same TCP
>  connection (and multiple SMBsessionsetupX's to represent each
>  and you get these SMB-MIDs - multiplexing ids - to represent
>  each SMB session over the same TCP session),

[...]

>  i thought that instead of having the seteuid and back to root,
>  you could execve back to the "smbd_as_root_t context".

True, but re-execing requires serialising all the data to a file, shared 
memory region, or something else that will survive past an exec.  That's pain 
that we don't want to go through any more often than is necessary.

>  - smbd_the_daemon (waiting for connections)
>
>  ... which transitions on a fork to...
>
>  - smbd_as_root_t (dealing with "connections")
>
>  ... which can transition to ...

How about just smbd_the_daemon which can transition to smbd_as_a_user?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page