diff options
| author | Karolin Seeger <kseeger@samba.org> | 2010-03-08 21:08:36 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2010-03-08 21:08:36 +0100 |
| commit | 007f9c90e952aeea2d8f73cff3ccd0f747a9c06e (patch) | |
| tree | a14b540a80f8a66fc6725b5dc97140f2c36182f7 | |
| parent | cb608fef71f9da629a1858cd1d6c8b19e27e6655 (diff) | |
| download | samba-007f9c90e952aeea2d8f73cff3ccd0f747a9c06e.tar.gz samba-007f9c90e952aeea2d8f73cff3ccd0f747a9c06e.tar.xz samba-007f9c90e952aeea2d8f73cff3ccd0f747a9c06e.zip | |
Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write."samba-3.3.12
This reverts commit 153357b9bb4d70a168c81cb9ff2da437eae823fc.
This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728).
| -rw-r--r-- | source/include/smb.h | 3 | ||||
| -rw-r--r-- | source/lib/system.c | 65 | ||||
| -rw-r--r-- | source/smbd/server.c | 8 |
3 files changed, 5 insertions, 71 deletions
diff --git a/source/include/smb.h b/source/include/smb.h index 3825c6397ef..327f2129067 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -1684,8 +1684,7 @@ minimum length == 18. enum smbd_capability { KERNEL_OPLOCK_CAPABILITY, DMAPI_ACCESS_CAPABILITY, - LEASE_CAPABILITY, - KILL_CAPABILITY + LEASE_CAPABILITY }; /* if a kernel does support oplocks then a structure of the following diff --git a/source/lib/system.c b/source/lib/system.c index fd18928598c..36745b112f0 100644 --- a/source/lib/system.c +++ b/source/lib/system.c @@ -705,11 +705,6 @@ int sys_chroot(const char *dname) #if defined(HAVE_POSIX_CAPABILITIES) -/* This define hasn't made it into the glibc capabilities header yet. */ -#ifndef SECURE_NO_SETUID_FIXUP -#define SECURE_NO_SETUID_FIXUP 2 -#endif - /************************************************************************** Try and abstract process capabilities (for systems that have them). ****************************************************************************/ @@ -740,32 +735,6 @@ static bool set_process_capability(enum smbd_capability capability, } #endif -#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP) - /* New way of setting capabilities as "sticky". */ - - /* - * Use PR_SET_SECUREBITS to prevent setresuid() - * atomically dropping effective capabilities on - * uid change. Only available in Linux kernels - * 2.6.26 and above. - * - * See here: - * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html - * for details. - * - * Specifically the CAP_KILL capability we need - * to allow Linux threads under different euids - * to send signals to each other. - */ - - if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) { - DEBUG(0,("set_process_capability: " - "prctl PR_SET_SECUREBITS failed with error %s\n", - strerror(errno) )); - return false; - } -#endif - cap = cap_get_proc(); if (cap == NULL) { DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n", @@ -794,11 +763,6 @@ static bool set_process_capability(enum smbd_capability capability, cap_vals[num_cap_vals++] = CAP_LEASE; #endif break; - case KILL_CAPABILITY: -#ifdef CAP_KILL - cap_vals[num_cap_vals++] = CAP_KILL; -#endif - break; } SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals)); @@ -808,37 +772,16 @@ static bool set_process_capability(enum smbd_capability capability, return True; } - /* - * Ensure the capability is effective. We assume that as a root - * process it's always permitted. - */ - - if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, - enable ? CAP_SET : CAP_CLEAR) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag effective " - "failed (%d): %s\n", - (int)capability, - strerror(errno))); - cap_free(cap); - return false; - } + cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, + enable ? CAP_SET : CAP_CLEAR); /* We never want to pass capabilities down to our children, so make * sure they are not inherited. */ - if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, - cap_vals, CAP_CLEAR) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag inheritable " - "failed (%d): %s\n", - (int)capability, - strerror(errno))); - cap_free(cap); - return false; - } + cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR); if (cap_set_proc(cap) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n", - (int)capability, + DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n", strerror(errno))); cap_free(cap); return False; diff --git a/source/smbd/server.c b/source/smbd/server.c index 23c8c12a625..51294847307 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -1240,14 +1240,6 @@ extern void build_options(bool screen); gain_root_privilege(); gain_root_group_privilege(); - /* - * Ensure we have CAP_KILL capability set on Linux, - * where we need this to communicate with threads. - * This is inherited by new threads, but not by new - * processes across exec(). - */ - set_effective_capability(KILL_CAPABILITY); - fault_setup((void (*)(void *))exit_server_fault); dump_core_setup("smbd"); |