smbd segfault in assert_uid

Bug #314657 reported by Keith Matthews on 2009-01-07
Affects | Status | Importance | Assigned to | Milestone
samba (Debian) | New | Unknown | |
samba (Ubuntu) | | Undecided | Unassigned |

Bug Description

Binary package hint: samba

8.04.1 newly installed. Xeon 5130, 10 GB RAM

samba 3.0.28a-1ubuntu4.7

[Thread debugging using libthread_db enabled]
[New Thread 0x7f97b5ddb700 (LWP 19763)]
0x00007f97b2fe34a5 in waitpid () from /lib/libc.so.6
#0 0x00007f97b2fe34a5 in waitpid () from /lib/libc.so.6
#1 0x00007f97b2f84461 in ?? () from /lib/libc.so.6
#2 0x0000000000613c7b in smb_panic (why=<value optimized out>)
    at lib/util.c:1639
#3 0x0000000000618cf1 in assert_uid (ruid=4294967295, euid=10009)
    at lib/util_sec.c:102
#4 0x00000000004ba5ae in become_id (uid=10009, gid=1009) at smbd/sec_ctx.c:57
#5 0x00000000004ba726 in pop_sec_ctx () at smbd/sec_ctx.c:345
#6 0x00000000004afef9 in unbecome_root () at smbd/uid.c:400
#7 0x00000000005d3e31 in uid_to_sid (psid=0x7fffbddf39d0, uid=0)
    at passdb/lookup_sid.c:1169
#8 0x00000000004bfd3f in create_file_sids (psbuf=0x7fffbddf38f0,
    powner_sid=0x4d34, pgroup_sid=0x0) at smbd/posix_acls.c:668
#9 0x00000000004c435a in get_nt_acl (fsp=0xae3060, security_info=7,
    ppdesc=0x7fffbddf3ab8) at smbd/posix_acls.c:2809
#10 0x000000000046e09e in is_visible_file (conn=0xa89a20,
    dir_path=0xa59180 "./", name=<value optimized out>, pst=0x7fffbddf4480,
    use_veto=1) at smbd/dir.c:897
#11 0x000000000046e620 in dptr_normal_ReadDirName (dptr=0xa84630,
    poffset=0x7fffbddf4548, pst=0x7fffbddf4480) at smbd/dir.c:562
#12 0x000000000046e694 in dptr_ReadDirName (dptr=0xa84630,
    poffset=0x7fffbddf4548, pst=0x7fffbddf4480) at smbd/dir.c:642
#13 0x00000000004a54e4 in get_lanman2_dir_entry (conn=0xa89a20,
    inbuf=<value optimized out>, outbuf=0xaae4a0 "",
    path_mask=0x7fffbddf5760 "*", dirtype=23, info_level=514,
    requires_resume_key=4, dont_descend=0, ppdata=0x7fffbddf5730,
    base_data=0xad2c30 "p", end_data=0xad7c2f "", space_remaining=12604,
    out_of_space=0x7fffbddf5754, got_exact_match=0x7fffbddf573c,
    last_entry_off=0x7fffbddf575c, name_list=0x0, ea_ctx=0x0)
    at smbd/trans2.c:1149
#14 0x00000000004a8b13 in call_trans2findfirst (conn=0xa89a20,
    inbuf=0xa8e050 "", outbuf=0xaae4a0 "", bufsize=16472, pparams=0xad1de0,
    total_params=<value optimized out>, ppdata=0xad1df0, total_data=0,
    max_data_bytes=16384) at smbd/trans2.c:1859
#15 0x00000000004a92ae in handle_trans2 (conn=0xa89a20, state=0xad1c90,
    inbuf=0xa8e050 "", outbuf=0xaae4a0 "", size=<value optimized out>,
    bufsize=16472) at smbd/trans2.c:6433
#16 0x00000000004afc6a in reply_trans2 (conn=0xa89a20, inbuf=0xa8e050 "",
    outbuf=0xaae4a0 "", size=88, bufsize=16472) at smbd/trans2.c:6703
#17 0x00000000004c87ce in switch_message (type=50, inbuf=0xa8e050 "",
    outbuf=0xaae4a0 "", size=88, bufsize=16472) at smbd/process.c:1004
#18 0x00000000004c9bc2 in smbd_process () at smbd/process.c:1031
#19 0x00000000006c5fad in main (argc=<value optimized out>,
    argv=0x7fffbddf76e8) at smbd/server.c:1120

Tried purging the package and re-installing, no change.

smb.conf carried over from 7.04/7.10 installation (although rest of install is new as result of hardware changes).

Mathias Gug (mathiaz) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Could you post your smb.conf file? When does the crash happen? At startup? When a specific client connects?

Changed in samba:
status: New → Incomplete

Mathias Gug wrote:
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better. Could you post your smb.conf file? When does the crash
> happen? At startup? When a specific client connects?
>
> ** Changed in: samba (Ubuntu)
> Status: New => Incomplete
>

Good morning Mathias.

config attached.

Crash happens during access of files, the user may have been connected
for some time. Not every file and I've not yet managed to find a pattern
to which ones. It doesn't happen every session either.

More than one user involved, though we don't have many, we're basically
a Mac shop.

One point - when browsing the bug database a week or so back I noticed
another report that mentioned problems in a setup with NAS connected
storage using a Qlogic fibre-channel adaptor. We have the same
situation but with a different NAS device, although I've not noticed any
problems with the other clients (most people connect via Netatalk due to
Apple's UTF-8 handling differences)

Keith
--
Theme Group
3 & 4 Grove Park
Waltham Road
White Waltham
MAIDENHEAD
Berkshire
England
SL6 3LW

E: <email address hidden>
T: +44 (0) 1628 829090
F: +44 (0) 1628 828877
I: +44 (0) 1628 828899

http://www.themegroup.com <http://www.themegroup.com/>

----------------------------------------------------------------------------
Theme Group is a wholly owned trading style of This & That '95 Limited.
Registered in England No: 3092394 at 7/8 Eghams Court, Boston Drive, Bourne
End, Buckinghamshire. SL8 5YS.
----------------------------------------------------------------------------
This message and its attached file(s), is strictly confidential and intended
solely for the person whom it is addressed. It may contain personal and
confidential information and as such may be protected by the Data Protection
Act 1998. If you received this message in error, you must not copy,
distribute or take any action in reliance on it. Please notify us as soon
as possible and delete it and any attached files from your system. Any views
expressed in this communication may not necessarily be the views held by
Theme Group. As Internet communications are not secure we do not accept
legal responsibility for the contents of this message nor responsibility for
any change made to this message after the original sender sent it. Although
we have taken steps to ensure that this email and attachments are free from
any virus, we advise that in keeping with good computer practice the
recipient should ensure they are actually virus free. We advise you to
carry out your own virus check before opening any attachment, as Theme Group
is not liable for any loss or damage arising in any way from this message or
its attachments. Thank you for taking the time to read this as it may have
been a complete waste of your time. Very few people bother to read these
things but it proves how special you are 'cause you have, so thanks again.
Please take time to read our terms and conditions at
www.themegroup.co.uk/terms.pdf
<blocked::blocked::">http://www.themegroup.co.uk/terms.pdf>
<http://www.themegroup.co.uk/terms.pdf>


Paul Dufresne (paulduf) wrote :

Marking bug #264982 as a duplicate of this one, because it does hang on assert_uid too, although from a totally different backtrace. Not sure if it is really the same cause, but since there is no answer on that bug, it seems a better end than marking it invalid for no answer.

Paul Dufresne (paulduf) wrote :

A closed (not because fixed) Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468296
suggests that this could be linked with roaming profiles:
"Problem resolved, the workstation is not using roaming profiles anymore.
Probably this was due to misconfigured (better: unconfigured) profile settings in smb.conf."

Paul Dufresne (paulduf) wrote :

Looks like a dup of bug #216358.
Posting the result of 'ulimit -S -u' could be useful.

Paul Dufresne wrote:
> A closed (not because fixed) Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468296
> suggests that this could be linked with roaming profiles:
> "Problem resolved, the workstation is not using roaming profiles anymore.
> Probably this was due to misconfigured (better: unconfigured) profile settings in smb.conf."
>

Paul, I'm afraid 'could' is the operative word here.

We've seen it from WinXP machines (not using roaming profiles AFAIK) and
my own Gutsy machine using smbclient.

Keith


Paul Dufresne wrote:
> Looks like a dup of bug #216358.
> Posting the result of 'ulimit -S -u' could be useful.
>
matth1k@R2-D2:~$ ulimit -S -u
86015

Keith


Paul Dufresne (paulduf) wrote :

Thank you for your comment.
Happy to see that you are there to answer more questions.

Then, looking at the backtrace, I remark:
#2 0x0000000000613c7b in smb_panic (why=<value optimized out>)
    at lib/util.c:1639
#3 0x0000000000618cf1 in assert_uid (ruid=4294967295, euid=10009)
    at lib/util_sec.c:102
#4 0x00000000004ba5ae in become_id (uid=10009, gid=1009) at smbd/sec_ctx.c:57
#5 0x00000000004ba726 in pop_sec_ctx () at smbd/sec_ctx.c:345
#6 0x00000000004afef9 in unbecome_root () at smbd/uid.c:400
#7 0x00000000005d3e31 in uid_to_sid (psid=0x7fffbddf39d0, uid=0)
    at passdb/lookup_sid.c:1169
#8 0x00000000004bfd3f in create_file_sids (psbuf=0x7fffbddf38f0,
    powner_sid=0x4d34, pgroup_sid=0x0) at smbd/posix_acls.c:668

Well, I am just a bug triager who is trying to understand a bit more of Linux.
It is unclear to me if ruid=4294967295 is supposed to be the root user, or who else.
It looks like it has tried to be the user with id=10009, but with the real id of 4294967295 (root?).
Which would seem OK, since it was called in the context of unbecome_root.

Anyway, in bug #216358, Steve Langasek says:
"Hitting this assertion error should also generate log entries. Could you please check /var/log/samba/log.smbd (or the per-host logfile) for entries of the form "Failure to set uid privileges to [...]"? "

I guess looking at the said log file may give a hint.


Paul Dufresne wrote:
> Thank you for your comment.
> Happy to see that you are there to answer more questions.
>
> Anyway, in bug #216358, Steve Langasek says:
> "Hitting this assertion error should also generate log entries. Could you please check /var/log/samba/log.smbd (or the per-host logfile) for entries of the form "Failure to set uid privileges to [...]"? "
>
> I guess looking at the said log file may give a hint.
>

Paul,

there's nothing in log.smbd like this, but I found the following in one
of the client logs (it's my Gutsy machine).

[2009/01/09 08:17:14, 0] lib/util.c:log_stack_trace(1737)
   BACKTRACE: 20 stack frames:
    #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x613b4c]
    #1 /usr/sbin/smbd(smb_panic+0x43) [0x613c33]
    #2 /usr/sbin/smbd [0x618cf1]
    #3 /usr/sbin/smbd [0x4ba5ae]
    #4 /usr/sbin/smbd(pop_sec_ctx+0x96) [0x4ba726]
    #5 /usr/sbin/smbd(unbecome_root+0x9) [0x4afef9]
    #6 /usr/sbin/smbd(gid_to_sid+0x168) [0x5d36e8]
    #7 /usr/sbin/smbd(get_nt_acl+0x44a) [0x4c435a]
    #8 /usr/sbin/smbd(is_visible_file+0x26e) [0x46e09e]
    #9 /usr/sbin/smbd [0x46e620]
    #10 /usr/sbin/smbd(dptr_ReadDirName+0x54) [0x46e694]
    #11 /usr/sbin/smbd [0x4a54e4]
    #12 /usr/sbin/smbd [0x4a8b13]
    #13 /usr/sbin/smbd(handle_trans2+0x1be) [0x4a92ae]
    #14 /usr/sbin/smbd(reply_trans2+0x6ea) [0x4afc6a]
    #15 /usr/sbin/smbd [0x4c87ce]
    #16 /usr/sbin/smbd(smbd_process+0x7e2) [0x4c9bc2]
    #17 /usr/sbin/smbd(main+0x8cd) [0x6c5fad]
    #18 /lib/libc.so.6(__libc_start_main+0xf4) [0x7f97b2f641c4]
    #19 /usr/sbin/smbd [0x45a899]
[2009/01/09 08:17:14, 0] lib/util.c:smb_panic(1638)
   smb_panic(): calling panic action [/usr/share/samba/panic-action 2141]
[2009/01/09 08:17:14, 0] lib/util.c:smb_panic(1646)
   smb_panic(): action returned status 0
[2009/01/09 08:17:14, 0] lib/fault.c:dump_core(181)
   dumping core in /var/log/samba/cores/smbd
[2009/01/09 08:17:14, 1] smbd/service.c:make_connection_snum(1033)
   10.0.0.203 (10.0.0.203) connect to service webtech initially as user
kmatthews (uid=10009, gid=1009) (pid 2155)
[2009/01/09 08:17:14, 0] lib/util_sec.c:set_effective_uid(205)
   setresuid failed with EAGAIN. uid(10009) might be over its NPROC limit
[2009/01/09 08:17:14, 0] lib/util_sec.c:assert_uid(101)
   Failed to set uid privileges to (-1,10009) now set to (0,0)
[2009/01/09 08:17:14, 0] lib/util.c:smb_panic(1633)
   PANIC (pid 2155): failed to set uid

The line "uid(10009) might be over its NPROC limit" looks interesting.

Keith

Paul Dufresne (paulduf) wrote :

BTW, I determined that user 0 is root, and -1 is used to say: do not change this value (real user or effective user).
http://linux.die.net/man/2/setresuid
Now my very BIG GUESS is that it could be that the code in Samba uses -1 without a type cast to uid_t.
And that the code would be OK, say, on 32 bits, but not on 64 bits.
Something like it is expecting -1 on 32 bits, and received -1 on 64 bits.

Please provide the output:
dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | grep samba
for the server and the client.

Then after that I intend to mark it as Confirmed for a developer to look at the bug.

Paul Dufresne (paulduf) wrote :

Well, at first glance it does seem my guess is right.
I have downloaded samba 3.0.28aorig.tar.gz (need to learn the command to extract sources and apply ubuntu patches) and found this in util_sec.c:
void set_effective_gid(gid_t gid)
{
#if USE_SETRESUID
	setresgid(-1,gid,-1);
#endif

#if USE_SETREUID
	setregid(-1,gid);
#endif

#if USE_SETEUID
	setegid(gid);
#endif

#if USE_SETUIDX
	setgidx(ID_EFFECTIVE, gid);
#endif

	assert_gid(-1, gid);
}

There is also:
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
	/* Set the effective as well as the real uid. */
	if (setresuid(uid,uid,-1) == -1) {
		if (errno == EAGAIN) {
			DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
				  "might be over its NPROC limit\n",
				  (int)uid));
		}
	}
#endif

#if USE_SETREUID
	setreuid(-1,uid);
#endif

#if USE_SETEUID
	seteuid(uid);
#endif

#if USE_SETUIDX
	setuidx(ID_EFFECTIVE, uid);
#endif

	assert_uid(-1, uid);
}

It looks to me like these -1 need to be cast to uid_t or gid_t for 64-bit machines to work.
But I am really not a true programmer, so I might be wrong... still, it looks bad to me.

I'll take a look at the jaunty version to see if it is done the same way.
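
Added example (not part of the thread and not Samba code): what a bare -1 becomes when it is passed as a uid_t, and an effective-uid switch that checks both the call's return value and the resulting ids, the kind of post-condition the log line "Failed to set uid privileges to (-1,10009) now set to (0,0)" reports. All function names are hypothetical, and treating -1 as "do not check this id" in the comparison is an assumption.

```c
/* Added illustration: not Samba source. All function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* setresuid(2) reads -1 as "leave this id unchanged"; this sketch also
 * assumes the post-condition check reads it as "do not check this id". */
#define ID_UNCHANGED ((uid_t)-1)

/* What a bare -1 becomes once it is converted to uid_t, which is what
 * happens at any call made with a prototype in scope. */
unsigned long long minus_one_as_uid(void)
{
    uid_t u = -1;
    return (unsigned long long)u;
}

/* Post-condition check: 1 if the current ids satisfy the request, else 0. */
int ids_match(uid_t want_ruid, uid_t want_euid, uid_t cur_ruid, uid_t cur_euid)
{
    if (want_ruid != ID_UNCHANGED && cur_ruid != want_ruid)
        return 0;
    if (want_euid != ID_UNCHANGED && cur_euid != want_euid)
        return 0;
    return 1;
}

/* Switch the effective uid and fail closed: the caller must stop, not carry
 * on under the old (possibly root) identity, when this returns -1. */
int set_euid_checked(uid_t uid)
{
    if (seteuid(uid) == -1) {
        int saved = errno;
        fprintf(stderr, "seteuid(%lu) failed: %s\n",
                (unsigned long)uid, strerror(saved));
        errno = saved;
        return -1;
    }
    /* Verify the result as well as the return value. */
    if (!ids_match(ID_UNCHANGED, uid, getuid(), geteuid())) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    printf("(uid_t)-1 = %llu, sizeof(uid_t) = %zu, sizeof(long) = %zu\n",
           minus_one_as_uid(), sizeof(uid_t), sizeof(long));

    /* Constructed from the log line on this page:
     * wanted (-1,10009), process was left at (0,0). */
    printf("logged state passes check:   %d\n",
           ids_match(ID_UNCHANGED, 10009, 0, 0));
    printf("intended state passes check: %d\n",
           ids_match(ID_UNCHANGED, 10009, 0, 10009));

    /* Harmless self-test: switch to the effective uid we already have. */
    if (set_euid_checked(geteuid()) != 0) {
        fprintf(stderr, "refusing to continue with unexpected credentials\n");
        return 1;
    }
    return 0;
}
```

On Linux uid_t is a 32-bit unsigned type on both 32-bit and 64-bit builds, so the first line of output shows 4294967295, the same value as ruid in the backtrace.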

Paul Dufresne (paulduf) wrote :

It seems that in the .orig of jaunty (lib/sec_util.c) the functions are identical.
Oh well, it seems there is enough info to at least let a developer verify my hypothesis.
Confirming the bug.

Changed in samba:
status: Incomplete → Confirmed

Paul Dufresne wrote:
> BTW, I determined that user 0 is root, and -1 is used to say: do not change this value (real user or effective user).
> http://linux.die.net/man/2/setresuid
> Now my very BIG GUESS is that it could be that the code in Samba uses -1 without a type cast to uid_t.
> And that the code would be OK, say, on 32 bits, but not on 64 bits.
> Something like it is expecting -1 on 32 bits, and received -1 on 64 bits.
>
> Please provide the output:
> dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | grep samba
> for the server and the client.
>
> Then after that I intend to mark it as Confirmed for a developer to look
> at the bug.
>

Client

libsmbclient 3.0.26a-1ubuntu2.5 samba install ok installed
samba-common 3.0.26a-1ubuntu2.5 samba install ok installed
smbclient 3.0.26a-1ubuntu2.5 samba install ok installed
smbfs 3.0.26a-1ubuntu2.5 samba install ok installed
winbind 3.0.26a-1ubuntu2.5 samba install ok installed

Server
libsmbclient 3.0.28a-1ubuntu4.7 samba install ok installed
samba 3.0.28a-1ubuntu4.7 install ok installed
samba-common 3.0.28a-1ubuntu4.7 samba install ok installed
samba-dbg 3.0.28a-1ubuntu4.7 samba install ok installed
samba-doc 3.0.28a-1ubuntu4.7 samba install ok installed
samba-doc-pdf 3.0.28a-1ubuntu4.7 samba install ok installed
smbclient 3.0.28a-1ubuntu4.7 samba install ok installed

Paul, one last point.

We used to have gutsy on the server, we were not getting this problem then.

Keith


Paul Dufresne (paulduf) wrote :

Just copying info from someone having this problem with no result.
Taken from http://linux.derkeiler.com/Mailing-Lists/Fedora/2007-08/msg03497.html

I upgraded our Linux Samba server (Fedora Core 4, kernel 2.6.17,
samba 3.0.23d) to Fedora 7, kernel 2.6.22.2-57.fc7, samba 3.0.25bb-2.fc7
(SELinux in permissive mode), i386 Pentium D 3GHz CPU, 2GB RAM,
LAN with approx. <10 users.
But now the users' smb daemon sporadically (but frequently, 1-5 times/hour)
crashes. Machine log (Level 2) contains records like this:

[2007/08/21 08:53:18, 0] lib/util_sec.c:set_effective_uid(205)
setresuid failed with EAGAIN. uid(502) might be over its NPROC limit
[2007/08/21 08:53:18, 0] lib/util_sec.c:assert_uid(101)
Failed to set uid privileges to (-1,502) now set to (0,0)
[2007/08/21 08:53:18, 0] lib/util.c:smb_panic(1654)
PANIC (pid 13035): failed to set uid

[2007/08/21 08:53:18, 0] lib/util.c:log_stack_trace(1758)
BACKTRACE: 22 stack frames:
#0 smbd(log_stack_trace+0x2d) [0x802439fd]
#1 smbd(smb_panic+0x5d) [0x80243b2d]
#2 smbd [0x80249f4e]
#3 smbd [0x800b595c]
#4 smbd(pop_sec_ctx+0xa2) [0x800b5af2]
#5 smbd(unbecome_root+0x17) [0x800a9267]
#6 smbd(uid_to_sid+0x15c) [0x801fbc4c]
#7 smbd [0x800bc51d]
#8 smbd(get_nt_acl+0x4ac) [0x800c268c]
#9 smbd [0x800d887b]
#10 smbd(is_visible_file+0x2a0) [0x80060ee0]

Paul Dufresne (paulduf) wrote :

Just to remember: it was reported in Debian as (closed because not reproducible) bug #501773:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501773

Paul Dufresne (paulduf) wrote :

This link suggests the bug may have been introduced in samba 3.0.23:
http://lists.zerezo.com/samba/msg26421.html

Changed in samba:
status: Unknown → New
Paul Dufresne (paulduf) wrote :

I think I found it:
o Andrew Tridgell
    * Avoid a race condition in glibc between AIO and setresuid().
    * Become root for AIO operations.
taken from the latest (3.0.34) samba changelog.

This would explain why https://bugs.launchpad.net/ubuntu/+source/samba/+bug/341816
says that building the sernet samba packages from source (3.0.34):
http://ftp.sernet.de/pub/samba/old/src/debian/3.0.34 fixes it. (Sorry for not saying that before, I was searching for where I read that.)
http://www.samba.org/samba/history/samba-3.0.34.html

Paul Dufresne wrote:
> I think I found it:
> o Andrew Tridgell
> * Avoid a race condition in glibc between AIO and setresuid().
> * Become root for AIO operations.
> taken from the latest (3.0.34) samba changelog.
>
>
> This would explain why https://bugs.launchpad.net/ubuntu/+source/samba/+bug/341816
> says that building the sernet samba packages from source (3.0.34):
> http://ftp.sernet.de/pub/samba/old/src/debian/3.0.34 fixes it. (Sorry for not saying that before, I was searching for where I read that.)
> http://www.samba.org/samba/history/samba-3.0.34.html
>

Interesting, thanks for that Paul.

Not all of their conditions apply, we only have 4 clients that connect
via SMB, but otherwise looks very similar.

I'll try upgrading (however I haven't seen the problem for a week or so
now so don't expect quick results).

Keith

