Changing back to per-thread credentials on Linux (fixing native AIO).

Jeremy Allison jra at samba.org
Sun Jul 1 07:57:45 MDT 2012


On Sun, Jul 01, 2012 at 10:42:09AM +0200, Volker Lendecke wrote:
> Hi, Jeremy!
> 
> On Wed, Jun 27, 2012 at 09:51:12AM -0700, Jeremy Allison wrote:
> > Comments please !
> 
> IMHO we need to block or redirect all use of the glibc
> setX[ug]id calls with LD_PRELOAD or an equivalent mechanism.
> There might be external libraries subverting our security
> model by calling them.

That would be a library that had completely different
security behavior depending on whether the caller was
running as root or not, as these functions only work
as root.

That would be a security nightmare and I can't think
of any such library, and as Simo points out would also
not be thread-safe.

Remember the userspace NFS server ganesha also depends
on making these syscalls directly, so they would also
have the same problems.

This just isn't credible.

Jeremy.
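The per-thread behaviour this thread depends on, as an added example that is not Samba's code and not part of the original message: on Linux the glibc setX[ug]id wrappers apply a credential change to every thread in the process, while the raw syscall changes only the calling thread. The function name and `DEMO_UID` (65534, assumed to be an unprivileged uid) are made up for the illustration; the check needs root and reports "skipped" otherwise.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifdef SYS_setresuid32            /* 32-bit ABIs: use the 32-bit uid variant */
#define RAW_SETRESUID SYS_setresuid32
#else
#define RAW_SETRESUID SYS_setresuid
#endif
#define DEMO_UID 65534L           /* assumption: unprivileged uid ("nobody") */

static uid_t worker_euid;
static int worker_errno;

/* Change only the calling thread's effective uid via the raw syscall,
 * bypassing the glibc wrapper that would broadcast it to all threads. */
static void *worker(void *arg)
{
    (void)arg;
    if (syscall(RAW_SETRESUID, -1L, DEMO_UID, -1L) != 0)
        worker_errno = errno;
    worker_euid = geteuid();      /* reports the calling thread's euid */
    return NULL;
}

/* Returns 0 if the change stayed inside the worker thread, 1 if skipped
 * (not root, or the kernel refused the change), -1 if the change leaked
 * into the main thread or the thread could not be started. */
int per_thread_cred_demo(void)
{
    pthread_t t;
    uid_t before = geteuid();

    if (before != 0)
        return 1;
    if (pthread_create(&t, NULL, worker, NULL) != 0)
        return -1;
    pthread_join(t, NULL);
    if (worker_errno != 0)
        return 1;
    if (worker_euid != (uid_t)DEMO_UID)
        return -1;
    return geteuid() == before ? 0 : -1;  /* main thread must be unchanged */
}

int main(void) { return per_thread_cred_demo() < 0; }
```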

