dynamic context transitions

Stephen Smalley sds at epoch.ncsc.mil
Mon Nov 1 20:25:21 GMT 2004

On Mon, 2004-11-01 at 15:35, Luke Kenneth Casson Leighton wrote:
>  no there is no reason why [a helper application should] not [be used].
>  i am not sure if the simple solution [that andrew and russell
>  came up with] was fully enumerated: it involves exec'ing a
>  per-user helper application which does a setuid.
>  the helper application opens files as-and-when they are needed,
>  [and also does mkdirs? and rmdirs?] and then passes the file
>  descriptor over a unix-domain-socket to the smbd process,
>  which NEVER itself does file opens under a user context.
>  i believe it then no longer becomes necessary for smbd to
>  call become_user().

Except that SELinux mediates access to file descriptors upon transfer
via local socket IPC as well as attempted use for read/write, so SELinux
is still going to apply a permission check to the parent smbd process in
that situation.  Not to mention that this no doubt has a significant

Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency

More information about the samba-technical mailing list