From: Björn Jacke Date: Mon, 25 Mar 2024 16:03:35 +0000 (+0100) Subject: Revert "open.c: prefer capabilities over become_root" X-Git-Tag: tdb-1.4.11~1364 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88eb58af6783ad23d2e2b602ee9fdbbdf556b354;p=thirdparty%2Fsamba.git Revert "open.c: prefer capabilities over become_root" This reverts commit b250f25fe407f9a6269b804382de4854501f2d86. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ae47d130650..9512fb20c59 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -999,11 +999,11 @@ static void change_file_owner_to_parent_fsp(struct files_struct *parent_fsp, return; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FCHOWN(fsp, parent_fsp->fsp_name->st.st_ex_uid, (gid_t)-1); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (ret == -1) { DBG_ERR("failed to fchown " "file %s to parent directory uid %u. Error " @@ -1036,11 +1036,11 @@ static NTSTATUS change_dir_owner_to_parent_fsp(struct files_struct *parent_fsp, return NT_STATUS_OK; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FCHOWN(fsp, parent_fsp->fsp_name->st.st_ex_uid, (gid_t)-1); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (ret == -1) { status = map_nt_error_from_unix(errno); DBG_ERR("failed to chown " @@ -5542,13 +5542,13 @@ static NTSTATUS inherit_new_acl(files_struct *dirfsp, files_struct *fsp) if (inherit_owner) { /* We need to be root to force this. */ - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } status = SMB_VFS_FSET_NT_ACL(metadata_fsp(fsp), security_info_sent, psd); if (inherit_owner) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } TALLOC_FREE(frame); return status;