[PATCH 5/10] Debian patch: yet another (obscure?) smbmount
vorlon at debian.org
Wed May 30 21:12:47 GMT 2007
On Wed, May 30, 2007 at 10:48:03PM +0200, Christian Perrier wrote:
> The attached patch is currently used in Debian.
> Again, this is a patch against a part of the code that is, IIRC,
> in low maintenance mode.
> I don't even have a clear idea of what the patch is meant for but
> that's mostly because I lack the needed skills.
> So, just in case you can do something with it....
This patch is the stopgap that was implemented immediately prior to the
sarge release in response to the security issue with the kernel ignoring
uid,gid mount options when the server supported unix capabilities. The
corresponding changelog entry was:

samba (3.0.14a-4) unstable; urgency=high

  * Patch smbmount to strip CAP_UNIX out of the capabilities passed to
    the kernel when uid, gid, dmask, or fmask options have been
    specified; this keeps the mount permissions from changing out from
    under the user when upgrading to a server (or to a kernel) that
    supports unix extensions.  Closes: #310982.

This issue has since been resolved in the kernel. The patch should not be
included upstream in Samba, and should be dropped from the Debian packages
as well just as soon as someone has time for testing it (or, y'know, as soon
as we stop shipping mount.smbfs altogether).

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

> Goal: respect requests for uid-flattening mount options by disabling Unix permissions handling in the kernel driver
> Fixes: ?
> Status wrt upstream: If pertinent, should probably be forwarded
> Note: Part of no-longer maintained smbfs stuff?
> Index: samba-3.0.25a/source/client/smbmount.c
> --- samba-3.0.25a.orig/source/client/smbmount.c 2007-05-26 07:46:33.884647544 +0200
> +++ samba-3.0.25a/source/client/smbmount.c 2007-05-26 07:46:34.272650637 +0200
> @@ -213,6 +213,10 @@
> c->capabilities &= ~CAP_STATUS32;
> c->force_dos_errors = True;
> + /* For now, respect requests for uid-flattening mount options
> + by disabling Unix permissions handling in the kernel driver */
> + if (mount_uid || mount_gid || mount_fmask || mount_dmask)
> + c->capabilities &= ~CAP_UNIX;
> if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
> password, strlen(password),
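
Review bot: The added test "if (mount_uid || mount_gid || mount_fmask || mount_dmask)" checks the option values for truth, not whether the options were given. If these variables hold the parsed values, an explicit uid=0, gid=0 or a mask of 0 leaves CAP_UNIX set, and the server-supplied ownership and permissions still override what the user asked for, which is the case the comment says it is preventing. Consider recording "option was specified" separately and testing that instead. The "For now" in the comment should also name the condition under which the workaround can be removed, or point at the bug it closes (#310982 per the changelog entry quoted in the reply), and a debug message when CAP_UNIX is stripped would tell the user why unix extensions are off for this mount.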
More information about the samba-technical