[linux-cifs-client] [PATCH 17/19] mount.cifs: guard against signals by unprivileged users

Jeff Layton jlayton at samba.org
Thu Apr 1 13:32:41 MDT 2010


On Sun, 28 Mar 2010 09:34:10 -0400
Jeff Layton <jlayton at samba.org> wrote:

> On Fri, 26 Mar 2010 10:25:40 -0400
> Jeff Layton <jlayton at samba.org> wrote:
> 
> > From: Jeff Layton <jlayton at redhat.com>
> > 
> > If mount.cifs is setuid root, then the unprivileged user who runs the
> > program can send the mount.cifs process a signal and kill it. This is
> > not a huge problem unless we happen to be updating the mtab at the
> > time, in which case the mtab lockfiles might not get cleaned up.
> > 
> > To remedy this, have the privileged mount.cifs process set its real
> > uid to the effective uid (usually, root). This prevents unprivileged
> > users from being able to signal the process.
> > 
> > While we're at it, also mask off signals while we're updating the
> > mtab. This leaves a SIGKILL by root as the only way to interrupt the
> > mtab update, but there's really nothing we can do about that.
> > 
> > Signed-off-by: Jeff Layton <jlayton at redhat.com>
>
> A little self-review on this patch...
> 
> It's probably better not to change the real uid until the mtab is set
> to be updated, so I'm moving that piece into add_mtab. Doing so very
> early on like this means that the kernel loses the ability to get the
> real uid of the user running the mount command.
> 
> Replacement patch attached...

Simo pointed out another problem with this patch. It's possible for
getpwuid to block for quite a while if using something like NIS, SSSD,
etc...

Thus, it's better to move the getusername() call out of the section
where we hold the mtab lock. New patch attached.

-- 
Jeff Layton <jlayton at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-mount.cifs-guard-against-signals-by-unprivileged-use.patch
Type: text/x-patch
Size: 3750 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/linux-cifs-client/attachments/20100401/eb8d5fda/attachment.bin>
