Hello Samba folks; For some time now, I've been patching smbpasswd to get rid of the effective UID "detection" that it does. In 2.2.7a it simply tests if the effective UID differs from the real UID, and if the effective UID is 'root' then it bails:
/* Check the effective uid - make sure we are not setuid */ if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0)) This test will bail out if smbpasswd isn't suid 0, but the process that calls it is (eg, a utility agent for changing passwords and such). I've made a preliminary diff to actually stat() the executable to determine if it is suid 0: http://otc.isu.edu/smbpasswd-euid.diff -- Craig Kelley -- [EMAIL PROTECTED] Turn In Your Neighbor Today! http://www.bsa.org/usa/report/report.php http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
