Description: fix permission bypass via incorrect CAP_DAC_OVERRIDE handling.
Origin: upstream, pulled from 3.4.7
4
diff -Nur samba-3.4.6~dfsg/source3/include/smb.h samba-3.4.6~dfsg.new/source3/include/smb.h
5
--- samba-3.4.6~dfsg/source3/include/smb.h 2010-02-23 04:35:42.000000000 -0500
6
+++ samba-3.4.6~dfsg.new/source3/include/smb.h 2010-03-08 17:50:44.000000000 -0500
9
KERNEL_OPLOCK_CAPABILITY,
10
DMAPI_ACCESS_CAPABILITY,
17
diff -Nur samba-3.4.6~dfsg/source3/lib/system.c samba-3.4.6~dfsg.new/source3/lib/system.c
18
--- samba-3.4.6~dfsg/source3/lib/system.c 2010-02-23 04:35:42.000000000 -0500
19
+++ samba-3.4.6~dfsg.new/source3/lib/system.c 2010-03-08 17:50:44.000000000 -0500
22
#if defined(HAVE_POSIX_CAPABILITIES)
24
-/* This define hasn't made it into the glibc capabilities header yet. */
25
-#ifndef SECURE_NO_SETUID_FIXUP
26
-#define SECURE_NO_SETUID_FIXUP 2
29
/**************************************************************************
30
Try and abstract process capabilities (for systems that have them).
31
****************************************************************************/
36
-#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)
37
- /* New way of setting capabilities as "sticky". */
40
- * Use PR_SET_SECUREBITS to prevent setresuid()
41
- * atomically dropping effective capabilities on
42
- * uid change. Only available in Linux kernels
46
- * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
49
- * Specifically the CAP_KILL capability we need
50
- * to allow Linux threads under different euids
51
- * to send signals to each other.
54
- if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
55
- DEBUG(0,("set_process_capability: "
56
- "prctl PR_SET_SECUREBITS failed with error %s\n",
64
DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
66
cap_vals[num_cap_vals++] = CAP_LEASE;
69
- case KILL_CAPABILITY:
71
- cap_vals[num_cap_vals++] = CAP_KILL;
76
SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals));
82
- * Ensure the capability is effective. We assume that as a root
83
- * process it's always permitted.
86
- if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
87
- enable ? CAP_SET : CAP_CLEAR) == -1) {
88
- DEBUG(0, ("set_process_capability: cap_set_flag effective "
89
- "failed (%d): %s\n",
95
+ cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
96
+ enable ? CAP_SET : CAP_CLEAR);
98
/* We never want to pass capabilities down to our children, so make
99
* sure they are not inherited.
101
- if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
102
- cap_vals, CAP_CLEAR) == -1) {
103
- DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
104
- "failed (%d): %s\n",
110
+ cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
112
if (cap_set_proc(cap) == -1) {
113
- DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n",
115
+ DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n",
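Review bot: Both `cap_set_flag()` calls on the new side (the CAP_EFFECTIVE one and the CAP_INHERITABLE one) discard their return value, so a failure there is silent and `cap_set_proc(cap)` then applies a capability set that was never updated. For the inheritable clear this matters most: the comment above it says capabilities must never reach children, yet nothing would report that the clear did not happen. I would keep the checks the removed lines had, e.g. `if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR) == -1) {`, followed by a DEBUG(0) message and the same cleanup and failure return as the `cap_set_proc` failure branch; the function starts and ends outside the visible lines, so that cleanup path is assumed rather than seen. A short comment where the PR_SET_SECUREBITS block was would also help, such as `/* Capabilities must not survive uid changes; see the CAP_DAC_OVERRIDE permission bypass. */`, so the sticky-capability approach is not reintroduced.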
119
diff -Nur samba-3.4.6~dfsg/source3/smbd/server.c samba-3.4.6~dfsg.new/source3/smbd/server.c
120
--- samba-3.4.6~dfsg/source3/smbd/server.c 2010-03-08 17:50:34.000000000 -0500
121
+++ samba-3.4.6~dfsg.new/source3/smbd/server.c 2010-03-08 17:50:44.000000000 -0500
122
@@ -1031,14 +1031,6 @@
123
gain_root_privilege();
124
gain_root_group_privilege();
127
- * Ensure we have CAP_KILL capability set on Linux,
128
- * where we need this to communicate with threads.
129
- * This is inherited by new threads, but not by new
130
- * processes across exec().
132
- set_effective_capability(KILL_CAPABILITY);
134
fault_setup((void (*)(void *))exit_server_fault);
135
dump_core_setup("smbd");