Changing back to per-thread credentials on Linux (fixing native AIO).
jra at samba.org
Sun Jul 1 07:57:45 MDT 2012
On Sun, Jul 01, 2012 at 10:42:09AM +0200, Volker Lendecke wrote:
> Hi, Jeremy!
> On Wed, Jun 27, 2012 at 09:51:12AM -0700, Jeremy Allison wrote:
> > Comments please !
> IMHO we need to block or redirect all use of the glibc
> setX[ug]id calls with LD_PRELOAD or an equivalent mechanism.
> There might be external libraries subverting our security
> model by calling them.
That would be a library that had completely different
security behavior depending on whether the caller was
running as root or not, as these functions only work
That would be a security nightmare and I can't think
of any such library, and as Simo points out would also
not be thread-safe.
Remember the userspace NFS server ganesha also depends
on making these syscalls directly, so they would also
have the same problems.
This just isn't credible.
More information about the samba-technical