dynamic context transitions

Simo Sorce idra at samba.org
Sun Nov 14 16:26:55 GMT 2004


On Sun, 2004-11-14 at 17:24, Luke Kenneth Casson Leighton wrote:

> On Sun, Nov 14, 2004 at 10:22:31PM +1100, Andrew Bartlett wrote:

> > What you want is a way to demultiplex the protocol stream based on VUID,
> 
>  yes - that was the aim [of using an smb proxy to another smbd server].
> 
> 
>  and doing that [demultiplexing... VUID] would solve a lot
>  more than just this problem: there's still the long-standing
>  issue which is best shown up by having a multi-threaded
>  win32 benchmark program, where you set up many threads all
>  of which do reads and writes to massively large files, which
>  get multiplexed down to a single smbd.
> 
>  under these circumstances you end up with one thread hogging
>  all the bandwidth until the large file write from one thread
>  is completed, and then one other random client thread ends up being
>  activated.
> 
>  ... not exactly expected behaviour!

In samba4 we have process, single AND thread models, and operations are
async, so this will not be a problem anymore.
Btw, from tests it seems that in the threaded model performance sucks anyway :)

> > but even if we get that (and perhaps the 'terminal server' case will
> > cause such a proxy to be written), we still have the problem of needing
> > to become root for some operations.  
> 
>  well (as you and others are in a position to appreciate)
>  i really don't want to get into this in detail but i think
>  you will find that if you follow the tng architecture -
>  namely to split services out into separate daemons - then
>  that problem goes away.

Not at all, there are operations that we must be able to do and that
POSIX allows only for root, so, unlike what you propose (to run always as
root), we need to go root and back from time to time.
Look at the smbd sources and grep for become_root() and you'll find out why.

>  from an selinux security perspective, the tng architecture
>  is much more amenable to being "locked down".  each service
>  (e.g. spoolssd) can be given access to ONLY the required
>  commands (e.g. lpr) it needs to execute to do its job, ONLY
>  the files it needs (e.g. /var/spool/).
> 
>  the point of selinux is to give programs the absolute minimum required
>  policy to operate.

Yes, but Samba needs to do a lot of things, and a mere split into
daemons doesn't make it any better from this point of view; smbd will
still need to go root and back, unless you want to break compatibility.

Simo.

-- 
Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it
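
The "go root and back" bracket discussed in the message above, as an added example that is not part of the original post and is not Samba's code: a nestable effective-UID bracket that fails closed if the drop does not take effect. The names priv_become_root(), priv_unbecome_root(), priv_run_as_root() and record_euid() are hypothetical, and the sketch assumes a daemon whose saved UID is 0; it toggles only the effective UID and leaves groups and other credentials untouched.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t saved_euid;   /* effective UID to return to */
static int   root_depth;   /* nesting level of open root brackets */

/* Enter a root section. Returns 0 on success, -1 if root is unobtainable. */
int priv_become_root(void)
{
    if (root_depth == 0) {
        uid_t prev = geteuid();
        if (seteuid(0) != 0 || geteuid() != 0)
            return -1;     /* no saved UID 0: stay unprivileged */
        saved_euid = prev;
    }
    root_depth++;
    return 0;
}

/* Leave a root section. Returns -1 on an unbalanced call. */
int priv_unbecome_root(void)
{
    if (root_depth == 0)
        return -1;
    if (--root_depth > 0)
        return 0;          /* still inside an outer bracket */
    /* Fail closed: never keep running as root if the drop did not work. */
    if (seteuid(saved_euid) != 0 || geteuid() != saved_euid)
        abort();
    return 0;
}

/* Run one operation as root; privileges are dropped again on every path.
 * Returns op's result, or -1 if root could not be obtained. */
int priv_run_as_root(int (*op)(void *), void *arg)
{
    if (priv_become_root() != 0)
        return -1;
    int rc = op(arg);
    priv_unbecome_root();
    return rc;
}

/* Constructed sample operation: records the effective UID it ran under. */
int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}
```

Every such bracket is a point where a confined daemon still holds full root, which is why the number of call sites matters when writing a minimal policy for it.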
