[BUG] What if somebody uses our PROF_SHMEM_KEY?
Jim McDonough
jmcd at us.ibm.com
Fri Sep 7 06:05:01 GMT 2001
Andrew Bartlett wrote:
>
> I'm a little worried about what happens if somebody else uses the same
> shared memory key as samba: From what I have seen, if somebody else (in
> particular an unprivileged user) creates a SHM segment with the correct
> key they can prevent any SMBD from starting on the system.
>
I'm curious...is there a reason why a fixed key is used? That's the whole
purpose of ftok(). I know, I know, you can create duplicate keys if a
fs/dev has more than 65K inodes used, and yes, I've seen it happen before.
> This is because we check that root created the shm segment before we use
> it.
>
> With the recent changes to always build create the profiling shared
> memory area - and the dropping of the root-ownership check, I'm a little
> worried about the implications if we overwrite another process's data.
> (I have a patch to restore this check, in the form of
> sec_initial_uid()).
Checking who created it doesn't guarantee anything. It may not even
save many headaches... Shouldn't the check include checking the magic
number and version? Wouldn't that go a whole lot further in verifying that
we're not overwriting another process's data? What is the purpose of the
magic number, if not for a check?
----------------------------
Jim McDonough
IBM Linux Technology Center
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.com
Phone: (207) 885-5565
IBM tie-line: 776-9984
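
Added example, not part of the original message and not Samba code: one way to combine the two checks discussed in this thread, the creator/owner test from the kernel's IPC_STAT metadata and the magic number and version stored in the segment, before an existing SysV segment is used. EX_MAGIC, EX_VERSION, struct ex_header, check_segment() and attach_checked() are hypothetical names, and the header layout, the 4096-byte size and the demo key are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>

#define EX_MAGIC   0x50524f46u   /* hypothetical constants, not Samba's */
#define EX_VERSION 1u
struct ex_header { uint32_t magic, version; };   /* assumed segment prefix */
enum seg_status { SEG_OK, SEG_MISSING, SEG_BAD_OWNER, SEG_BAD_SIZE,
                  SEG_BAD_MAGIC, SEG_BAD_VERSION };

/* Pure check: kernel metadata first, then the header stored in the segment. */
enum seg_status check_segment(const struct shmid_ds *ds, const void *base,
                              uid_t trusted, size_t want)
{
    struct ex_header h;
    if (ds->shm_perm.cuid != trusted || ds->shm_perm.uid != trusted)
        return SEG_BAD_OWNER;            /* someone else created or owns it */
    if (want < sizeof h || ds->shm_segsz != want)
        return SEG_BAD_SIZE;             /* not the layout we expect */
    memcpy(&h, base, sizeof h);
    if (h.magic != EX_MAGIC) return SEG_BAD_MAGIC;
    if (h.version != EX_VERSION) return SEG_BAD_VERSION;
    return SEG_OK;
}

/* Attach an existing segment read-only and keep it only if it validates. */
enum seg_status attach_checked(key_t key, uid_t trusted, size_t want, void **out)
{
    struct shmid_ds ds;
    int id = shmget(key, 0, 0);          /* no IPC_CREAT: never create here */
    *out = NULL;
    if (id == -1 || shmctl(id, IPC_STAT, &ds) == -1) return SEG_MISSING;
    void *p = shmat(id, NULL, SHM_RDONLY);
    if (p == (void *)-1) return SEG_MISSING;
    enum seg_status st = check_segment(&ds, p, trusted, want);
    if (st == SEG_OK) *out = p; else shmdt(p);
    return st;
}

int main(void)
{
    void *p;                             /* key below is a constructed demo value */
    enum seg_status st = attach_checked(0x0badc0de, geteuid(), 4096, &p);
    printf("status=%d\n", (int)st);      /* SEG_MISSING unless a segment exists */
    return st == SEG_OK ? 0 : 1;
}
```

A caller that gets anything other than SEG_OK has not written to the foreign segment, so it can log the key collision and choose another key or refuse to start.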