[PATCH] smbmnt nosuid,nodev

Urban Widmark urban at teststation.com
Tue Feb 10 22:50:16 GMT 2004


Hello all
(no I'm not dead yet :)

Adding the unix extensions in smbfs exposes/creates a problem with smbmnt
when the server has these enabled.

Some vendors install it suid by default and that allows users to mount
without nosuid,nodev. Since this setup does not use fstab, root has no way
of restricting users.

Worse is that even if root mounts, he can't specify nosuid,nodev since
smbmnt ignores those flags. Previously tridge has rejected patches to make
smbmount understand those and a few other flags (that particular patch had
no additional security motivation) so I'm doing the minimal change to
force nosuid,nodev.

This has already been posted on bugtraq with a kernel-only quick-fix (that
Linus hated).
http://www.securityfocus.com/archive/1/353217/2004-02-07/2004-02-13/2


Please apply the following patch to all active branches.
I realise that I'm just a day or two late for 3.0.2 ...

/Urban


diff -urN -X exclude samba-3.0.2-orig/source/client/smbmnt.c samba-3.0.2/source/client/smbmnt.c
--- samba-3.0.2-orig/source/client/smbmnt.c	Thu Aug 28 23:42:42 2003
+++ samba-3.0.2/source/client/smbmnt.c	Tue Feb 10 22:56:58 2004
@@ -240,7 +240,7 @@
                         data.dir_mode |= S_IXOTH;
         }
 
-	flags = MS_MGC_VAL;
+	flags = MS_MGC_VAL | MS_NOSUID | MS_NODEV;
 
 	if (mount_ro) flags |= MS_RDONLY;
 
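Review bot: the changed line `flags = MS_MGC_VAL | MS_NOSUID | MS_NODEV;` hard-codes the two flags without a comment explaining why, so a later cleanup could drop them again without noticing the security reason. Add a short comment above the assignment stating that smbmnt may be installed suid and that a server with unix extensions supplies the mode bits and device nodes, which is why nosuid and nodev are forced for every mount. Unlike `mount_ro` on the following line, the new flags are unconditional, so root also has no way to mount without them; if that is intended, the smbmount/smbmnt documentation should say so, since the hunk touches only smbmnt.c.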


