svn commit: samba r12394 - in trunk/source/param: .
jra at samba.org
jra at samba.org
Tue Dec 20 02:29:41 GMT 2005
Author: jra
Date: 2005-12-20 02:29:41 +0000 (Tue, 20 Dec 2005)
New Revision: 12394
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12394
Log:
Ensure usershare directory must not be writable by
anyone.
Jeremy.
Modified:
trunk/source/param/loadparm.c
Changeset:
Modified: trunk/source/param/loadparm.c
===================================================================
--- trunk/source/param/loadparm.c 2005-12-20 02:23:51 UTC (rev 12393)
+++ trunk/source/param/loadparm.c 2005-12-20 02:29:41 UTC (rev 12394)
@@ -4560,15 +4560,16 @@
/*
* This directory must be owned by root, and have the 't' bit set.
+ * It also must not be writable by "other".
*/
#ifdef S_ISVTX
- if (sbuf.st_uid != 0 || !(sbuf.st_mode & S_ISVTX)) {
+ if (sbuf.st_uid != 0 || !(sbuf.st_mode & S_ISVTX) || (sbuf.st_mode & S_IWOTH)) {
#else
- if (sbuf.st_uid != 0) {
+ if (sbuf.st_uid != 0 || (sbuf.st_mode & S_IWOTH)) {
#endif
DEBUG(0,("process_usershare_directory: directory %s is not owned by root "
- "or does not have the sticky bit 't' set.\n",
+ "or does not have the sticky bit 't' set or is writable by anyone.\n",
usersharepath ));
return;
}
More information about the samba-cvs
mailing list