On Friday 06 June 2008 20:41, Gerald (Jerry) Carter wrote:
> Gustavo Homem wrote:
> > On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote:
> >> Gustavo Homem wrote:
> >>> Hi,
> >>>
> >>> The announcement states:
> >>>
> >>> "Secunia Research reported a vulnerability that allows for
> >>> the execution of arbitrary code in smbd"
> >>>
> >>> Does this mean arbitrary code executed "as root" or as the user that
> >>> is authenticated after smbd drops privileges?
> >>
> >> Potentially either. smbd never drops privileges and can always
> >> re-become root.
> >
> > Are you sure about this?
> >
> > ├─smbd─┬─2*[smbd]
> > │      ├─smbd(gustavo)
> > │      └─smbd(asdrubal)
> >
> > From pstree I always see an smbd process for each user mount.
>
> Yeah. I'm sure. :-) We change to the effective id of the
> user to perform certain operations. And then change back
> to root when done (with some optimizations to minimize the
> number of security context switches).

Understood. Thanks for the explanation.

> > What I want to know is if the vulnerable call is run as the local user or
> > root.
>
> Potentially either. Treat this as a potential remote root
> code execution although I've only seen PoC code for clients.

?? Does this vulnerability also affect the samba clients if connecting to an
infected server?

Best regards
Gustavo

-- 
Angulo Sólido - Tecnologias de Informação
http://angulosolido.pt
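
Added example, not part of the original thread and not Samba code: the distinction discussed above (switching only the effective id versus giving up root for good) can be checked on Linux from the `Uid:` and `CapPrm:` lines of `/proc/<pid>/status`. The sample status excerpts, function names and result labels are constructed for illustration.

```python
import re

CAP_SETUID = 7  # bit number of CAP_SETUID in Linux capability masks

# Constructed /proc/<pid>/status excerpts (not captured from a real smbd).
# The Uid: line lists real, effective, saved and filesystem uid, in that order.
TEMP_SWITCH = "Name:\tsmbd\nUid:\t0\t1000\t0\t1000\nCapPrm:\t0000003fffffffff\n"
FULL_DROP = "Name:\tdaemon\nUid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000000000\n"
AS_ROOT = "Name:\tsmbd\nUid:\t0\t0\t0\t0\nCapPrm:\t0000003fffffffff\n"


def parse_status(text):
    """Return ((real, effective, saved, fs), permitted_caps) from status text."""
    uid = re.search(r"^Uid:[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$",
                    text, re.M)
    if uid is None:
        raise ValueError("no Uid: line found")
    cap = re.search(r"^CapPrm:[ \t]+([0-9a-fA-F]+)[ \t]*$", text, re.M)
    caps = int(cap.group(1), 16) if cap else 0
    return tuple(int(x) for x in uid.groups()), caps


def root_exposure(text):
    """Classify what code running inside this process could act as."""
    (real, eff, saved, _fs), caps = parse_status(text)
    if eff == 0:
        return "root"
    # A non-root effective uid is only a temporary switch if the real or
    # saved uid is still 0, or CAP_SETUID is still in the permitted set:
    # the process can then set its effective uid back to 0.
    if real == 0 or saved == 0 or caps & (1 << CAP_SETUID):
        return "can-regain-root"
    return "dropped"


if __name__ == "__main__":
    for label, sample in (("temp switch", TEMP_SWITCH),
                          ("full drop", FULL_DROP),
                          ("as root", AS_ROOT)):
        print(label, parse_status(sample)[0], root_exposure(sample))
    with open("/proc/self/status") as fh:  # Linux only
        print("self", root_exposure(fh.read()))
```

For patch prioritisation, a process reported as `can-regain-root` should be treated the same as one running as root.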
