thread pool helpers

Gerald Carter jerry at plainjoe.org
Thu Apr 30 14:56:37 GMT 2009


tridge at samba.org wrote:
> Hi Jerry,
> 
>> Nope.  Access checks are in user space.
> 
> do you do anything to combat the race conditions? For example, a user
> might exploit a user space access check by doing this:
> 
>   while :; do
>   	ln -sf /etc/shadow /home/baduser/myfile.txt
>   	ln -sf /home/baduser/innocent.txt /home/baduser/myfile.txt
>   done
> 
> then try to access myfile.txt via SMB. If the access check happens
> while the file points at innocent.txt and the real open happens while
> pointing at /etc/shadow then the user will end up opening
> /etc/shadow. Implementing the above hack in C raises the chances of
> success as well.
> 
> You can do inode number checks to combat this a bit, but that doesn't
> work for newly created files in sensitive locations.

Honestly, right now it doesn't.  I'm still working on it.
But for a create disposition of FILE_OPEN, technically
you could open() and operate on the fd exclusively.  So
right now this would be something like:

   fd = open()
   secdesc = GetSecurityDescriptor(fd)
   if (!RtlAccessCheck(token, secdesc)) {
      close(fd)
      return   /* access denied: do not save the closed fd */
   }
   SaveFdToFileHandle(fd)

Do you agree?

The create/overwrite is a little trickier.  I'll have
to think about an answer for those cases more.

>>  However, for platforms that could give me a per 
>> thread setreuid(), I would look at using that.
> 
> strangely enough, the Linux kernel can give you that, 
> if you bypass glibc and use syscall() to change your euid.

Ahh...I thought this was considered a bug and disabled in
newer kernels.  Sounds like I need to go back and read
up some more.

> Rusty is currently trying to build "libantithread" which 
> tries to provide this functionality on top of fork().
> 
> See http://ccan.ozlabs.org/info/antithread.html

Cool.  Thanks for the link.





cheers, jerry
--
=====================================================================
http://git.plainjoe.org/                                         CODE
"What man is a man who does not make the world better?"      --Balian
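
The race described in this thread and the open-then-check ordering proposed in the reply, as an added C example that is not part of the original message or of Samba's code. Assumptions: `policy_allows` stands in for `RtlAccessCheck` (assumed policy: only world-readable regular files pass), the `hook` parameter marks the window where a symlink swap would land, and the files are constructed fixtures in a temporary directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Stand-in for RtlAccessCheck (assumption): only world-readable regular files pass. */
static int policy_allows(const struct stat *st) { return S_ISREG(st->st_mode) && (st->st_mode & S_IROTH); }
/* Racy: stat() resolves the path, hook() marks the race window, open() resolves it again. */
int open_check_then_use(const char *path, void (*hook)(void)) {
    struct stat st;
    if (stat(path, &st) != 0 || !policy_allows(&st)) return -1;
    if (hook) hook();
    return open(path, O_RDONLY);
}
/* fd-based: resolve the path once, then check the object the descriptor refers to. */
int open_then_check(const char *path, void (*hook)(void)) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* O_NONBLOCK: do not hang on a FIFO */
    if (fd < 0) return -1;
    if (hook) hook(); /* a swap here no longer matters: fd is already bound */
    if (fstat(fd, &st) != 0 || !policy_allows(&st)) { close(fd); return -1; }
    return fd;
}
static char dir[] = "/tmp/toctouXXXXXX", lnk[64], pub[64], sec[64]; /* constructed fixture */
static void put(const char *p, const char *s, mode_t m) {
    int fd = open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) { if (write(fd, s, 1) != 1 || fchmod(fd, m) != 0) perror(p); close(fd); }
}
static void point_at(const char *t) { unlink(lnk); if (symlink(t, lnk) != 0) perror(lnk); }
static void swap_to_secret(void) { point_at(sec); }
/* Returns the first byte the client could read, -1 if refused, -2 on setup failure. */
int demo(int fd_based, int race, int start_at_secret) {
    if (!lnk[0]) {
        if (!mkdtemp(dir)) return -2;
        snprintf(lnk, sizeof lnk, "%s/myfile.txt", dir);
        snprintf(pub, sizeof pub, "%s/innocent.txt", dir);
        snprintf(sec, sizeof sec, "%s/secret.txt", dir);
        put(pub, "p", 0644); put(sec, "s", 0600);
    }
    point_at(start_at_secret ? sec : pub);
    int fd = (fd_based ? open_then_check : open_check_then_use)(lnk, race ? swap_to_secret : NULL);
    char c = 0; if (fd < 0) return -1;
    if (read(fd, &c, 1) != 1) c = 0;
    close(fd); return c;
}
int main(void) { /* racy + swap leaks 's'; fd-based + swap reads 'p'; fd-based on secret: -1 */
    printf("%d %d %d\n", demo(0, 1, 0), demo(1, 1, 0), demo(1, 0, 1));
}
```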

