[linux-cifs-client] Re: nosuid, noexec mount options
Urban Widmark
urban at teststation.com
Thu Feb 12 00:19:39 GMT 2004
On 11 Feb 2004, Steve French wrote:
> Support for noexec and nosuid has been added to the current mount.cifs.c
> mount helper code (now called version 1.1 of mount.cifs) and tested
> with current 2.6 kernel code and cifs vfs (should be fine with 2.4 as
> well) to verify that files that were "chmod +s" behaved as expected
> depending on who the local user was and what the suid/nosuid setting was
> on the mount command.
>
> This is an important security feature in some environments and a similar
> fix needs to be made to smbfs. I have not looked into smbmnt enough to
> see if the change would be easy for that as well (I suspect so) but will
> check with Urban to see whether something similar is needed.
As I mailed you yesterday, the fix for smbmnt has already been posted.
Please don't make it sound like you are informing me about this issue.
The smbmnt change is currently an unconditional disable of setuid and
device since it is the simplest way to fix this and still allow user
mounts, which is how some distributions ship smbmnt. Many more smbfs users
expect user mounts to work, than setuid files.
Also, as I tried to explain then, mount.cifs looks like it has the same
problem as smbmnt does for non-root mounts. As far as I can tell the 1.1
version is still vulnerable when installed to allow user mounts. There is
nothing forcing the nosuid flag if mount.cifs is suid root, is there?
I think you need to fix that too, or at least document it so that
distribution makers and users can avoid it as they see fit.
And I will repeat my earlier suggestion that this would all be a non-issue
if mount.cifs was never used to mount and did not execute the mount syscall
itself (the exact same arguments are valid against smbmount/smbmnt).
No userspace helper, a helper that runs mount instead of the other way
around or a helper that is run by the kernel after the fs is mounted are
all better solutions in terms of not duplicating what mount already does
and not introducing non-standard rules for mounting.
Looking a little bit closer at what mount.cifs does, have you considered
putting it inside the mount tool the same way nfs is handled? That would
also solve these problems. I see no current use of any samba code so it
should work just fine as a part of mount (util-linux package IIRC).
/Urban
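
The check asked about above, forcing nosuid (and nodev, as the smbmnt change does) when a setuid-root mount helper is invoked by a non-root user, as an added example. It is not part of this message and is not mount.cifs or smbmnt code; the function names and the small option set are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>   /* MS_NOSUID, MS_NODEV, MS_NOEXEC */
#include <sys/types.h>
#include <unistd.h>

/* True if the n-byte token at p equals name. */
static int is_opt(const char *p, size_t n, const char *name)
{
    return strlen(name) == n && memcmp(p, name, n) == 0;
}

/* Hypothetical parser: comma-separated options -> MS_* flags.
 * Only the options from the thread are handled; others are ignored. */
unsigned long parse_flags(const char *opts)
{
    unsigned long flags = 0;
    const char *p = opts;

    while (*p) {
        size_t n = strcspn(p, ",");
        if (is_opt(p, n, "nosuid"))      flags |= MS_NOSUID;
        else if (is_opt(p, n, "suid"))   flags &= ~(unsigned long)MS_NOSUID;
        else if (is_opt(p, n, "nodev"))  flags |= MS_NODEV;
        else if (is_opt(p, n, "dev"))    flags &= ~(unsigned long)MS_NODEV;
        else if (is_opt(p, n, "noexec")) flags |= MS_NOEXEC;
        else if (is_opt(p, n, "exec"))   flags &= ~(unsigned long)MS_NOEXEC;
        p += n;
        if (*p == ',')
            p++;
    }
    return flags;
}

/* Flags to hand to mount(2). real_uid must be getuid(), the invoking
 * user, not the effective uid a setuid-root binary runs with. */
unsigned long safe_mount_flags(uid_t real_uid, const char *opts)
{
    unsigned long flags = parse_flags(opts);
    if (real_uid != 0)
        flags |= MS_NOSUID | MS_NODEV; /* applied last: "suid"/"dev" cannot undo it */
    return flags;
}

int main(int argc, char **argv)
{
    const char *opts = argc > 1 ? argv[1] : "suid,dev"; /* constructed sample */
    printf("flags for uid %d: 0x%lx\n", (int)getuid(), safe_mount_flags(getuid(), opts));
    return 0;
}
```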