[PATCH] smbmnt nosuid,nodev
urban at teststation.com
Tue Feb 10 22:50:16 GMT 2004
(no I'm not dead yet :)
Adding the unix extensions in smbfs exposes/creates a problem with smbmnt
when the server has these enabled.
Some vendors install it suid by default and that allows users to mount
without nosuid,nodev. Since this setup does not use fstab root has no way
of restricting users.
Worse is that even if root mounts, he can't specify nosuid,nodev since
smbmnt ignores those flags. Previously tridge has rejected patches to make
smbmount understand those and a few other flags (that particular patch had
no additional security motivation) so I'm doing the minimal change to
This has already been posted on bugtraq with a kernel-only quick-fix (that
Please apply the following patch to all active branches.
I realise that I'm just a day or two late for 3.0.2 ...
diff -urN -X exclude samba-3.0.2-orig/source/client/smbmnt.c samba-3.0.2/source/client/smbmnt.c
--- samba-3.0.2-orig/source/client/smbmnt.c Thu Aug 28 23:42:42 2003
+++ samba-3.0.2/source/client/smbmnt.c Tue Feb 10 22:56:58 2004
@@ -240,7 +240,7 @@
data.dir_mode |= S_IXOTH;
- flags = MS_MGC_VAL;
+ flags = MS_MGC_VAL | MS_NOSUID | MS_NODEV;
if (mount_ro) flags |= MS_RDONLY;
More information about the samba-technical