I have a security-sensitive customer...
David.Collier-Brown at Sun.COM
Thu May 19 14:23:34 GMT 2005
Andrew Bartlett wrote:
> No. See the smbd always has the saved uid of root, so can always (next
> instruction) ask the kernel to make them root again. Samba does this
> all the time, and I'm pretty sure that's what the various exploits for
> Samba over time have done.
Excellent, that's a really **good** argument that it's
> All that has changed is where we spend the idle loop. Previously we
> would spend the idle loop in the context of the last user, hoping we
> would be that user again. Now we return to root sooner.
> You could make that argument if it makes the customer happy. Like a
> kernel, Samba itself is a trusted process (see the discussion about
> selinux on how it just is not possible to make samba otherwise).
> Perhaps the fact that 2.2 has known security holes will help them decide
> that real exploits trump theoretical ideas?
Yes, if I can remove the theoretical problem which is of the
type "you'll always be screwed", then I can argue the
practical problems of holes in 2.X.
Theoretical trumps practical in this case: these folks
arguably ought to be running TS or SEL (Trusted Solaris
or Security Enhanced Linux). I'm going to start the
Solaris 10 zones discussion next...
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at canada.sun.com | -- Mark Twain
(416) 263-5733 (x65733) |
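
The point in the quoted reply, that a process whose saved uid is still root can return to root with a single call, can be checked from outside the process. The following is an added example, not part of the original message and not Samba code: it classifies the Uid line of a Linux /proc/<pid>/status file, and the sample status text and all function names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* How a process stands with respect to regaining root. */
enum drop_state { RUNNING_AS_ROOT, DROP_REVERSIBLE, DROP_PERMANENT, PARSE_ERROR };

/* Classify a (real, effective, saved) uid triple. */
enum drop_state classify_uids(long ruid, long euid, long suid)
{
    if (euid == 0)
        return RUNNING_AS_ROOT;
    /* An unprivileged process may set its euid to its real or saved uid,
       so a 0 in either slot means one seteuid(0) call restores root. */
    if (ruid == 0 || suid == 0)
        return DROP_REVERSIBLE;
    return DROP_PERMANENT;
}

/* Find the "Uid:" line (real, effective, saved, fs) in status-file text. */
enum drop_state classify_status(const char *status)
{
    long r, e, s, fs;
    const char *p = status;
    while (p) {
        if (strncmp(p, "Uid:", 4) == 0)
            return sscanf(p + 4, "%ld %ld %ld %ld", &r, &e, &s, &fs) == 4
                       ? classify_uids(r, e, s) : PARSE_ERROR;
        p = strchr(p, '\n');
        if (p) p++;            /* step to the start of the next line */
    }
    return PARSE_ERROR;
}

/* Constructed sample: a daemon serving uid 1000 while its saved uid is 0. */
static const char SAMPLE_SERVING[] =
    "Name:\tdaemon\nPid:\t4242\nUid:\t1000\t1000\t0\t1000\nGid:\t100\t100\t0\t100\n";

int main(void)
{
    uid_t r, e, s;
    static const char *names[] = { "running as root", "drop reversible",
                                   "drop permanent", "parse error" };
    printf("sample: %s\n", names[classify_status(SAMPLE_SERVING)]);
    if (getresuid(&r, &e, &s) == 0)   /* the calling process's own triple */
        printf("self:   %s\n", names[classify_uids(r, e, s)]);
    return 0;
}
```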