On Thu, 2 Jan 2003, Steve Langasek wrote:

> On Thu, Jan 02, 2003 at 10:47:32AM -0700, Craig Kelley wrote:
> > For some time now, I've been patching smbpasswd to get rid of the
> > effective UID "detection" that it does. In 2.2.7a it simply tests if the
> > effective UID differs from the real UID, and if the effective UID is
> > 'root' then it bails:
> >
> >   /* Check the effective uid - make sure we are not setuid */
> >   if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0))
> >
> > This test will bail out if smbpasswd isn't suid 0, but the process that
> > calls it is (eg, a utility agent for changing passwords and such). I've
> > made a preliminary diff to actually stat() the executable to determine if
> > it is suid 0:
>
> Why does your suid application not either assume full root privileges, or
> drop all such privileges, before exec()ing smbpasswd?

Hi Steve,

I've considered that, but thought of it more as treating the symptom
instead of the cause. A better question may be, why even check for suid?
Why should smbpasswd even care if it's running with effective privileges?
The naive may confuse it with the UNIX passwd program, which is suid root
on some systems, but those with that much knowledge surely understand the
ramifications of giving superuser privileges to an executable.

I can't recall any other userland tool that I've used checking for
effective = real root privileges (well, I suppose perl is able to, but
that behavior can be disabled). I know that in the 1.x days, it didn't
check until a certain version in which it was turned on; probably for
security reasons (?)

--
Craig Kelley -- [EMAIL PROTECTED]
Turn In Your Neighbor Today! http://www.bsa.org/usa/report/report.php
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
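
Added example (not part of the original thread and not Samba code): a hypothetical setuid-root wrapper in C that expresses the quoted 2.2.7a test as a function and implements the two options Steve names, dropping all privileges or assuming full root, before exec()ing a child. The function names and the "drop|root" command-line convention are assumptions for illustration.

```c
/* Added example: hypothetical setuid-root wrapper, not Samba code. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The quoted 2.2.7a test as a pure function: effective root, real non-root. */
int trips_setuid_check(uid_t ruid, uid_t euid)
{
    return euid == (uid_t)0 && ruid != (uid_t)0;
}

/* Option 1: drop all privileges for good. Group first, while still privileged. */
int drop_all_privileges(void)
{
    uid_t ruid = getuid();

    if (setgid(getgid()) != 0 || setuid(ruid) != 0)
        return -1;
    /* Confirm the drop is irreversible: regaining root must fail. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return trips_setuid_check(getuid(), geteuid()) ? -1 : 0;
}

/* Option 2: assume full root. With euid 0, setuid(0) also sets the
 * real and saved uid, so real and effective uid agree afterwards. */
int assume_full_root(void)
{
    if (geteuid() != 0)
        return -1;
    return setuid(0);
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s drop|root command [args...]\n", argv[0]);
        return 2;
    }
    int rc = (argv[1][0] == 'r') ? assume_full_root() : drop_all_privileges();
    if (rc != 0) {
        fprintf(stderr, "%s: privilege change failed\n", argv[0]);
        return 1;
    }
    /* Real and effective uid now agree, so the child's check does not fire. */
    execvp(argv[2], &argv[2]);
    perror("execvp");
    return 1;
}
```

The wrapper only has an effect when installed setuid root; run unprivileged, the "drop" path is a no-op that still succeeds and the "root" path fails.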
