[PATCH 5/10] Debian patch: yet another (obscure?) smbmount patch...

Steve Langasek vorlon at debian.org
Wed May 30 21:12:47 GMT 2007 

On Wed, May 30, 2007 at 10:48:03PM +0200, Christian Perrier wrote:
> The attached patch is currently used in Debian.

> Again, this is a patch against a part of the code that is, IIRC,
> in low maintenance mode.

> I don't even have a clear idea of what the patch is meant for but
> that's mostly because I lack the needed skills.

> So, just in case you can do something with it....

This patch is the stopgap that was implemented immediately prior to the
sarge release in response to the security issue with the kernel ignoring
uid,gid mount options when the server supported unix capabilities.  The
corresponding changelog entry was:

 samba (3.0.14a-4) unstable; urgency=high

   [...]
   * Patch smbmount to strip CAP_UNIX out of the capabilities passed to
     the kernel when uid, gid, dmask, or fmask options have been
     specified; this keeps the mount permissions from changing out from
     under the user when upgrading to a server (or to a kernel) that 
     supports unix extensions.  Closes: #310982.
   [...]

This issue has since been resolved in the kernel.  The patch should not be
included upstream in Samba, and should be dropped from the Debian packages
as well just as soon as someone has time for testing it (or, y'know, as soon
as we stop shipping mount.smbfs altogether).

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

> Goal: respect requests for uid-flattening mount options by disabling Unix permissions handling in the kernel driver
> 
> Fixes: ?
> 
> Status wrt upstream: If pertinent, should probably be forwarded
> 
> Note: Part of no-longer maintained smbfs stuff?
> 
> Index: samba-3.0.25a/source/client/smbmount.c
> ===================================================================
> --- samba-3.0.25a.orig/source/client/smbmount.c	2007-05-26 07:46:33.884647544 +0200
> +++ samba-3.0.25a/source/client/smbmount.c	2007-05-26 07:46:34.272650637 +0200
> @@ -213,6 +213,10 @@
>    		c->capabilities &= ~CAP_STATUS32;
>  		c->force_dos_errors = True;
>  	}
> +	/* For now, respect requests for uid-flattening mount options
> +	   by disabling Unix permissions handling in the kernel driver */
> +	if (mount_uid || mount_gid || mount_fmask || mount_dmask)
> +		c->capabilities &= ~CAP_UNIX;
>  
>  	if (!NT_STATUS_IS_OK(cli_session_setup(c, username, 
>  					       password, strlen(password),

More information about the samba-technical mailing list