Changing back to per-thread credentials on Linux (fixing native AIO).

Jeremy Allison jra at
Sun Jul 1 07:57:45 MDT 2012

On Sun, Jul 01, 2012 at 10:42:09AM +0200, Volker Lendecke wrote:
> Hi, Jeremy!
> On Wed, Jun 27, 2012 at 09:51:12AM -0700, Jeremy Allison wrote:
> > Comments please!
> IMHO we need to block or redirect all use of the glibc
> setX[ug]id calls with LD_PRELOAD or an equivalent mechanism.
> There might be external libraries subverting our security
> model by calling them.

That would be a library that had completely different
security behavior depending on whether the caller was
running as root or not, as these functions only work
as root.

That would be a security nightmare and I can't think
of any such library, and as Simo points out would also
not be thread-safe.

Remember the userspace NFS server ganesha also depends
on making these syscalls directly, so they would also
have the same problems.

This just isn't credible.
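
Added example, not part of the original message or of Samba's code: on Linux the raw setresuid syscall changes only the calling thread's credentials, while the glibc wrapper applies the change to every thread in the process. The C program below shows the direct-syscall case; DEMO_UID and the function names are assumptions, and the change only succeeds when run as root.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define DEMO_UID 65534  /* assumption: an unprivileged uid ("nobody" on most systems) */

struct result { int rc; uid_t worker_euid; };

/* Worker: change only this thread's effective uid with the raw syscall.
 * The glibc setresuid() wrapper would instead signal every thread in the
 * process to make the same change, as POSIX requires. */
static void *worker(void *arg)
{
    struct result *r = arg;
    r->rc = (int)syscall(SYS_setresuid, (uid_t)-1, (uid_t)DEMO_UID, (uid_t)-1);
    r->worker_euid = (uid_t)syscall(SYS_geteuid);
    return NULL;   /* the changed credential ends with the thread */
}

/* Returns 1 if the worker ran as DEMO_UID while the calling thread kept its
 * euid, 0 if the change leaked into the caller, -1 if it could not be tested
 * (not root, no CAP_SETUID, or DEMO_UID unmapped in a user namespace). */
int per_thread_euid_demo(void)
{
    struct result r = { -1, 0 };
    pthread_t t;
    uid_t before = geteuid();

    if (before != 0)
        return -1;
    if (pthread_create(&t, NULL, worker, &r) != 0)
        return -1;
    pthread_join(t, NULL);
    if (r.rc != 0)
        return -1;
    return (r.worker_euid == DEMO_UID && geteuid() == before) ? 1 : 0;
}

int main(void)
{
    int v = per_thread_euid_demo();
    printf("%s\n", v == 1 ? "euid changed in worker thread only"
                 : v == 0 ? "euid change was not confined to the worker"
                          : "skipped: needs root with CAP_SETUID");
    return v == 0;
}
```

Build with `cc -pthread`; when not run as root the program reports that the check was skipped.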


