I have a security-sensitive customer...

David Collier-Brown David.Collier-Brown at Sun.COM
Thu May 19 14:23:34 GMT 2005

Andrew Bartlett wrote:
> No.  See the smbd always has the saved uid of root, so can always (next
> instruction) ask the kernel to make them root again.  Samba does this
> all the time, and I'm pretty sure that's what the various exploits for
> Samba over time have done.

	Excellent, that's a really **good** argument that it's
 	the same!

> All that has changed is where we spend the idle loop.  Previously we
> would spend the idle loop in the context of the last user, hoping we
> would be that user again.  Now we return to root sooner.
> You could make that argument if it makes the customer happy.  Like a
> kernel, Samba itself is a trusted process (see the discussion about
> selinux on how it just is not possible to make samba otherwise).

> Perhaps the fact that 2.2 has known security holes will help them decide
> that real exploits trump theoretical ideas?

	Yes, if I can remove the theoretical problem which is of the
	type "you'll always be screwed", then I can argue the
	practical problems of holes in 2.X.

	Theoretical trumps practical in this case: these folks
	arguably ought to be running TS or SEL (Trusted Solaris
	or Security Enhanced Linux). I'm going to start the
	Solaris 10 zones discussion next...

	Thanks, Andrew!

David Collier-Brown,      | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at canada.sun.com     |                      -- Mark Twain
(416) 263-5733 (x65733)   |
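
The saved-uid behaviour described in the quoted text above, as an added example (not part of the original message and not Samba code): a process that changes only its effective uid keeps a saved uid of root and can ask for root back, while changing real, effective and saved uid together cannot be undone. `root_regained` and `DEMO_UID` are hypothetical names, 65534 is an assumed unprivileged uid, and the code assumes Linux with glibc and must start as root to show anything.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_UID 65534 /* assumption: an unprivileged uid ("nobody" on many systems) */

/* In a child process, switch from root to DEMO_UID, then ask for root back.
 * permanent == 0: seteuid() only, so the saved uid stays 0.
 * permanent == 1: setresuid() changes real, effective and saved uid together.
 * Returns 1 if root was regained, 0 if the kernel refused,
 * -1 if not started as root or the switch itself failed. */
int root_regained(int permanent)
{
    if (geteuid() != 0)
        return -1;
    fflush(stdout); /* keep buffered parent output out of the child */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int rc = permanent ? setresuid(DEMO_UID, DEMO_UID, DEMO_UID)
                           : seteuid(DEMO_UID);
        if (rc != 0)
            _exit(2);
        uid_t r, e, s;
        getresuid(&r, &e, &s);
        printf("permanent=%d real=%d effective=%d saved=%d\n",
               permanent, (int)r, (int)e, (int)s);
        fflush(stdout);
        _exit(seteuid(0) == 0 && geteuid() == 0 ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("temporary switch: root regained = %d\n", root_regained(0));
    printf("permanent drop:   root regained = %d\n", root_regained(1));
    return 0;
}
```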
