
Re: Serious security hole in Samba



> Hi,
> 
> At 11:52 AM 9/29/97 +0200, joost witteveen wrote:
> 
> >I've uploaded a libc5 samba version yesterday, that should make its
> >way to bo-fixed quickly.
> 
> Great! Did you fix the bug in the prerm that causes it to fail
> (start-stop-daemon has to be run with the --oknodo flag)?
> 
> >Libc6? But libpam etc aren't libc6 yet. How did you make samba libc6 then?
> 
> Samba is dynamically linked against libpam so the Samba maintainer can
> really upload a libc6 version of Samba with no problems no matter libpam is
> linked against libc5 or libc6.

Please, note that David Engel (the author of ld.so) advised us that
this is _not_ true.

Doing the above _may_ seem to work, but it may very well result in
mysterious segfaults in the resulting package. For example, say
libpam defines a function

   foopass (uid_t uid, char *user, gid_t gid, char *group );

Then, if samba (libc6 compiled) calls that function, uid_t and gid_t
will be 4 bytes long each (new in libc6), but libpam expects those
variables to be 2 bytes long each (libc5). Needless to say, things
may go wrong.

> As an example, these are the dependencies for both nmbd and smbd:
> 
> bestia:~# ldd `which nmbd smbd`
> /usr/sbin/nmbd:
>         libnsl.so.1 => /lib/libnsl.so.1 (0x4000d000)
>         libcrypt.so.1 => /lib/libcrypt.so.1 (0x40012000)
>         libdl.so.2 => /lib/libdl.so.2 (0x4003f000)
>         libpam.so.0 => /usr/lib/libpam.so.0 (0x40042000)
>         libc.so.6 => /lib/libc.so.6 (0x40048000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> /usr/sbin/smbd:
>         libnsl.so.1 => /lib/libnsl.so.1 (0x4000d000)
>         libcrypt.so.1 => /lib/libcrypt.so.1 (0x40012000)
>         libdl.so.2 => /lib/libdl.so.2 (0x4003f000)
>         libpam.so.0 => /usr/lib/libpam.so.0 (0x40042000)
>         libc.so.6 => /lib/libc.so.6 (0x40048000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> 
> As you see, there are no libc5 dependencies, just libc6. 

OK, apparently in your case gcc was able to link the final binary.
On my system, gcc wasn't able to do so, and probably rightly so.
I don't know what it was, but I suspect it had to do with my system
being very recent-unstable. On a pure bo system, I was able to create
a libc5 binary, but on my system I couldn't create the libc5 binary
either.

Note that you _do_ have "hidden" libc5 dependencies, as libpam depends
on libc5. Only not explicit, so ldd doesn't notice (and ld.so doesn't
notice, you only may notice after a while with segfaults or whatever).


> the libpam dependencies. These programs come from my Debian package for
> Samba 1.9.17p2 linked against libc6 and are running just fine in a libc6
> system (both libc5 and libc6, actually).

Yeah, a lot of programmes appear to run fine this way. But that really
must be just luck, and I also know programmes that fail in very
mysterious ways. I wouldn't want Debian's security fix-release of
samba to be one of those.

> 
> >And about compiling samba libc6: All I had to do was change a few includes,
> >and it compiled fine. It just didn't link, so I gave up making a libc6
> >package.
> 
> Why do you say it didn't link? It should link just fine, provided you set
> the right libraries in the Makefile (in debian/rules for a Debian package,
> actually). You have to use "LIBSM=-lnsl -lcrypt" for the link to succeed.

No, when I noticed it was really going wrong was when I saw
missing dlopen etc symbols. I really had the "-ldl" on the commandline,
but still they wouldn't disappear. This must be because my libc5/libc6
libraries are somewhat more recent than yours, and have more explicit
libc dependencies. (I upgraded my unstable system only last Friday).
But the mixed libc5/libc6 samba you have really cannot be thought
of as "truly" stable (OK, it appears to work, but given that there
is such a big opportunity for segfaults, I wouldn't think it's any
safer than what we had before).

-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
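
The type-size mismatch described in the message above, as an added example that is not part of the original post: it models a caller built with 4-byte ids handing data to a library built with 2-byte ids, and goes beyond the by-value `foopass` case by also showing a record passed by pointer. The struct and function names are hypothetical, fixed-width integers stand in for the two `uid_t` definitions, the sample values are constructed, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record as a libc6-built caller lays it out: 4-byte ids. */
struct cred_libc6 { uint32_t uid; uint32_t gid; char user[8]; };

/* The same record as a libc5-built library expects it: 2-byte ids. */
struct cred_libc5 { uint16_t uid; uint16_t gid; char user[8]; };

/* Stand-in for a library routine compiled against the 2-byte layout.
 * It receives a pointer to the caller's bytes and reads them with its
 * own idea of the layout; nothing at link or load time checks this. */
static struct cred_libc5 library_view(const void *caller_bytes)
{
    struct cred_libc5 seen;
    memcpy(&seen, caller_bytes, sizeof seen);
    return seen;
}

/* By-value case: a 4-byte id read as a 2-byte id keeps the low half. */
static uint16_t narrow_id(uint32_t id)
{
    return (uint16_t)id;
}

/* Returns 1 if the library would read the caller's record as uid 0. */
static int library_sees_root(uint32_t uid, uint32_t gid, const char *user)
{
    struct cred_libc6 sent;
    memset(&sent, 0, sizeof sent);
    sent.uid = uid;
    sent.gid = gid;
    strncpy(sent.user, user, sizeof sent.user - 1);
    return library_view(&sent).uid == 0;
}

int main(void)
{
    /* Constructed sample: an unprivileged uid above the 16-bit range. */
    struct cred_libc6 sent = { 65536u, 100u, "alice" };
    struct cred_libc5 seen = library_view(&sent);
    printf("caller : uid=%u gid=%u user=%s\n",
           (unsigned)sent.uid, (unsigned)sent.gid, sent.user);
    printf("library: uid=%u gid=%u user[0]=0x%02x\n",
           seen.uid, seen.gid, (unsigned char)seen.user[0]);
    printf("by value: 70000 -> %u\n", narrow_id(70000u));
    return 0;
}
```

The library reads uid 0 where the caller wrote 65536, takes the upper half of the uid as the gid, and finds the caller's gid bytes where it expects the user name, all without any error from `ldd` or `ld.so`.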

