Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond...
authorKarolin Seeger <kseeger@samba.org>
Mon, 8 Mar 2010 19:53:38 +0000 (20:53 +0100)
committerKarolin Seeger <kseeger@samba.org>
Tue, 9 Mar 2010 09:39:15 +0000 (10:39 +0100)
This reverts commit c81c109a6ce83741bb5149a51ceb4ab30855e9f9.

This fixes bug #7222 (All users have full rights on all shares) (CVE-2010-0728).
(cherry picked from commit 49fc62cc5d8bcb2ef246fa6505c99071b406c413)

source3/include/smb.h
source3/lib/system.c
source3/smbd/server.c

index 29c614bc81a1949ef321eb2745fed378ebb86a25..2a3c455f2ecb2c31ea4a48759caa66f0f0bbd7d8 100644 (file)
@@ -1690,8 +1690,7 @@ minimum length == 24.
 enum smbd_capability {
     KERNEL_OPLOCK_CAPABILITY,
     DMAPI_ACCESS_CAPABILITY,
-    LEASE_CAPABILITY,
-    KILL_CAPABILITY
+    LEASE_CAPABILITY
 };
 
 /*
index 6349af50725e285f486eb363ce6ff6d2d9d22f9e..e8157662bfd4d99eb3177bc7eca85983cb698517 100644 (file)
@@ -592,11 +592,6 @@ char *sys_getwd(char *s)
 
 #if defined(HAVE_POSIX_CAPABILITIES)
 
-/* This define hasn't made it into the glibc capabilities header yet. */
-#ifndef SECURE_NO_SETUID_FIXUP
-#define SECURE_NO_SETUID_FIXUP          2
-#endif
-
 /**************************************************************************
  Try and abstract process capabilities (for systems that have them).
 ****************************************************************************/
@@ -627,32 +622,6 @@ static bool set_process_capability(enum smbd_capability capability,
        }
 #endif
 
-#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)
-        /* New way of setting capabilities as "sticky". */
-
-       /*
-        * Use PR_SET_SECUREBITS to prevent setresuid()
-        * atomically dropping effective capabilities on
-        * uid change. Only available in Linux kernels
-        * 2.6.26 and above.
-        *
-        * See here:
-        * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
-        * for details.
-        *
-        * Specifically the CAP_KILL capability we need
-        * to allow Linux threads under different euids
-        * to send signals to each other.
-        */
-
-       if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
-               DEBUG(0,("set_process_capability: "
-                       "prctl PR_SET_SECUREBITS failed with error %s\n",
-                       strerror(errno) ));
-               return false;
-       }
-#endif
-
        cap = cap_get_proc();
        if (cap == NULL) {
                DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
@@ -679,11 +648,6 @@ static bool set_process_capability(enum smbd_capability capability,
                case LEASE_CAPABILITY:
 #ifdef CAP_LEASE
                        cap_vals[num_cap_vals++] = CAP_LEASE;
-#endif
-                       break;
-               case KILL_CAPABILITY:
-#ifdef CAP_KILL
-                       cap_vals[num_cap_vals++] = CAP_KILL;
 #endif
                        break;
        }
@@ -695,37 +659,16 @@ static bool set_process_capability(enum smbd_capability capability,
                return True;
        }
 
-       /*
-        * Ensure the capability is effective. We assume that as a root
-        * process it's always permitted.
-        */
-
-       if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
-                       enable ? CAP_SET : CAP_CLEAR) == -1) {
-               DEBUG(0, ("set_process_capability: cap_set_flag effective "
-                       "failed (%d): %s\n",
-                       (int)capability,
-                       strerror(errno)));
-               cap_free(cap);
-               return false;
-       }
+       cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+               enable ? CAP_SET : CAP_CLEAR);
 
        /* We never want to pass capabilities down to our children, so make
         * sure they are not inherited.
         */
-       if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
-                       cap_vals, CAP_CLEAR) == -1) {
-               DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
-                       "failed (%d): %s\n",
-                       (int)capability,
-                       strerror(errno)));
-               cap_free(cap);
-               return false;
-       }
+       cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
 
        if (cap_set_proc(cap) == -1) {
-               DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n",
-                       (int)capability,
+               DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n",
                        strerror(errno)));
                cap_free(cap);
                return False;
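Review bot: Both `cap_set_flag()` calls on the new side (the CAP_EFFECTIVE update and the CAP_INHERITABLE clear) discard their return value, so if either fails nothing is logged and `cap_set_proc()` still installs whatever the set then contains. The checks being dropped look independent of the securebits/CAP_KILL logic this revert targets, so they could be kept while still removing that behaviour, although a wholesale revert may have been chosen deliberately for a security release. Failing closed (free `cap`, return `False`) is the safer default in a capability-handling path, particularly for the CAP_INHERITABLE clear, which the adjacent comment says is what keeps capabilities from child processes. `set_process_capability` starts and continues outside this hunk.

```c
	/* … unchanged: early return above … */

	if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
			enable ? CAP_SET : CAP_CLEAR) == -1) {
		DEBUG(0, ("set_process_capability: cap_set_flag effective "
			"failed: %s\n", strerror(errno)));
		cap_free(cap);
		return False;
	}

	/* … unchanged: comment on not passing capabilities to children … */

	if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals,
			CAP_CLEAR) == -1) {
		DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
			"failed: %s\n", strerror(errno)));
		cap_free(cap);
		return False;
	}

	/* … unchanged: cap_set_proc call and its error path … */
```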
index 25571a9629332a5ba575a0bca6e99b451ffe8712..2c5ce4008549c3494b9ae53f269e422bd73f2304 100644 (file)
@@ -1027,14 +1027,6 @@ extern void build_options(bool screen);
        gain_root_privilege();
        gain_root_group_privilege();
 
-       /*
-        * Ensure we have CAP_KILL capability set on Linux,
-        * where we need this to communicate with threads.
-        * This is inherited by new threads, but not by new
-        * processes across exec().
-        */
-       set_effective_capability(KILL_CAPABILITY);
-
        fault_setup((void (*)(void *))exit_server_fault);
        dump_core_setup("smbd");