smbd tries to read ~root/* files

Michael Tokarev mjt at tls.msk.ru
Thu Apr 13 18:56:48 UTC 2023


While debugging an unrelated issue, I noticed some interesting things
in smbd strace.  Here's one example:

getpid()                                = 1078652
getuid()                                = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
lseek(4, 0, SEEK_CUR)                   = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=5976, ...}) = 0
read(4, "root:x:0:0:root:/root:/bin/bash"..., 4096) = 4096
close(4)                                = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
lseek(4, 0, SEEK_CUR)                   = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=5976, ...}) = 0
read(4, "root:x:0:0:root:/root:/bin/bash"..., 4096) = 4096
close(4)                                = 0
openat(AT_FDCWD, "/root/.krb5/config", O_RDONLY) = -1 ENOENT
openat(AT_FDCWD, "/etc/krb5.conf", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=480, ...}) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=480, ...}) = 0
read(4, "[libdefaults]\n"..., 4096) = 480

I *guess* one of those 2 /etc/passwd reads comes from getpwuid(0).
And the next thing it does is try to open /root/.krb5/config.
Note the current uid of the process is 0, so it *can* open such
a (secret) file if it existed.

Another similar example:

getuid()                                = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 29
lseek(29, 0, SEEK_CUR)                  = 0
fstat(29, {st_mode=S_IFREG|0644, st_size=5976, ...}) = 0
read(29, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096
close(29)                               = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 29
lseek(29, 0, SEEK_CUR)                  = 0
fstat(29, {st_mode=S_IFREG|0644, st_size=5976, ...}) = 0
read(29, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096
close(29)                               = 0
openat(AT_FDCWD, "/root/.hx509/config", O_RDONLY) = -1 ENOENT
openat(AT_FDCWD, "/etc/hx509.conf", O_RDONLY) = -1 ENOENT

I *guess* this comes from heimdal code (but I might be wrong),
and I think it is quite wrong to use ~root for samba configuration.


This stuff is repeated over and over again while smbd is running.
Note again: this is smbd, a file server process, while serving
files of a random regular user on the system. It should not be
doing anything with files in the home dir of another, especially
privileged, user.

This might be, at the very least, quite unexpected: once
there's something in root's configs, samba will do stuff not
configured in smb.conf?

/mjt
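
One way to check a saved strace log for the pattern reported above: opens, successful or not, under the home directory of a user other than the one being served. This is an added example, not code from the original post or from Samba; the sample passwd and trace data, the user alice and the function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample input, in the format of the strace excerpts above.
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "alice:x:1000:1000::/home/alice:/bin/bash\n")
TRACE = '''\
getuid()                                = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/root/.krb5/config", O_RDONLY) = -1 ENOENT
openat(AT_FDCWD, "/etc/krb5.conf", O_RDONLY) = 4
openat(AT_FDCWD, "/root/.hx509/config", O_RDONLY) = -1 ENOENT
openat(AT_FDCWD, "/etc/hx509.conf", O_RDONLY) = -1 ENOENT
openat(AT_FDCWD, "/home/alice/report.txt", O_RDONLY) = 30
'''

# Matches open()/openat() lines, with or without a "[pid N]" prefix.
OPEN_RE = re.compile(
    r'\bopen(?:at)?\((?:[^,"]+,\s*)?"((?:[^"\\]|\\.)*)"[^)]*\)'
    r'\s*=\s*(-?\d+)(?:\s+([A-Z]+))?')

def parse_homes(passwd_text):
    """Map home directory -> user name, skipping '/' and empty homes."""
    homes = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[5] not in ("", "/"):
            homes[posixpath.normpath(fields[5])] = fields[0]
    return homes

def find_home_probes(trace_text, homes, served_user):
    """Return (owner, path, outcome) for opens under another user's home."""
    hits = []
    for line in trace_text.splitlines():
        m = OPEN_RE.search(line)
        if not m:
            continue
        path = posixpath.normpath(m.group(1))
        for home, owner in homes.items():
            if owner != served_user and (path == home or path.startswith(home + "/")):
                # A failed open (e.g. ENOENT) is still reported: the file
                # would have been read if it existed.
                hits.append((owner, path, m.group(3) or "opened"))
    return hits

if __name__ == "__main__":
    for owner, path, outcome in find_home_probes(TRACE, parse_homes(PASSWD), "alice"):
        print(f"{owner}: {path} ({outcome})")
```
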


