2009/184 SMB/CIFS Share Exec Properties

[Nicolas Williams]

On Mon, Mar 23, 2009 at 09:38:15AM +0000, Darren J Moffat wrote:
> >    The following privileges are enabled for the exec'd process:

"enabled" is not very specific.  Between the above and this:

> >                 The command will be executed using the credentials
> >     of the smbd daemon, which, by default, is root/sys. 

I assume that these processes will run with all of the listed privs in E
(and with euid==0).

> >    PRIV_FILE_CHOWN, PRIV_FILE_CHOWN_SELF, PRIV_FILE_DAC_EXECUTE,
> >    PRIV_FILE_DAC_READ, PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_WRITE,
> >    PRIV_FILE_LINK_ANY, PRIV_FILE_OWNER, PRIV_FILE_SETID,
> >    PRIV_PROC_EXEC, PRIV_PROC_FORK, PRIV_PROC_INFO, PRIV_PROC_OWNER,
> >    PRIV_PROC_SESSION, PRIV_PROC_SETID, PRIV_SYS_CONFIG,
> >    PRIV_SYS_LINKDIR, and PRIV_SYS_MOUNT.
> 
> Where did this list of privileges come from (other than those in the 
> basic set)?  Why this list and in particular why the very powerful 
> sys_config ?

euid == 0 + PRIV_FILE_DAC_WRITE, PRIV_PROC_SETID, PRIV_PROC_FORK,
PRIV_PROC_EXEC -> might as well be all privileges :)

> Is it just because that is what smbd is running with ?  I want the case 
> to give the reason why this set of privileges rather than some other set 
> is the correct and useful set.

What do these hooks need to do?  I imagine they need to be able to
create ZFS datasets, setup home directories, etcetera.  For some tasks
they'll need effectively all privileges.

Nico
--