[PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)

Sachin Prabhu sprabhu at redhat.com
Fri Jul 29 13:11:04 UTC 2016


On Fri, 2016-06-10 at 17:16 +0200, Aurélien Aptel wrote:
> On Thu, 9 Jun 2016 21:27:34 +0200 Marcus Hoffmann
> <marcus.hoffmann at fu-berlin.de> wrote:
> > 
> > Hey Aurélien,
> > with your script I can reproduce the bug locally now.
> Good.
> 
> > 
> > I can mount the share (which is on a Windows 8.1 vm) with a Windows 7
> > PC with the restricted user account. (Even in hard mode.)
> > I can mount the share from Linux-cifs using the admin user but not the
> > restricted user.
> I've moved some things around. All of the prefix path components are
> now checked for accessibility in cifs_do_mount(). This is more
> robust and it lets us set the CIFS_MOUNT_USE_PREFIX_PATH flag
> earlier.
> 
> I've updated the cifs_root_iget() to use the prefix path when necessary
> which should take care of the last case (hard mode).
> 
> Please test my latest patch (attached).
> 
> > 
> > (I noticed though that no user has access to the file in the shared
> > dir. But this doesn't really matter for the test.)
> Indeed.
> 


Hello,

Sorry for the late reply but this has to be a NACK from me.

We need to check for CIFS_MOUNT_USE_PREFIX_PATH
and if set, check cifs_sb->prepath for both old and new
in cifs_match_super().

Else we have the following bug:

Consider 2 different mounts on a server where root access is limited. I
used the reproducer for this case but simply created a separate folder
in the root directory to which the user has access. I then attempt to
mount the 2 separate folders in 2 different locations.

# mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-52/test2/sub/dir /mnt
# mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-52/test2/sub2/ /mnt2

# grep mnt /proc/mounts
//vm140-52/test2/sub/dir /mnt cifs rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mode=0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=60,actimeo=1 0 0
//vm140-52/test2/sub2/ /mnt2 cifs rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mode=0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=60,actimeo=1 0 0

but since we do not compare the prepath, we end up with the same share
mounted at both mount points. This is the share mounted first.

To confirm.

# date >/mnt/test
# cat /mnt/test /mnt2/test
Fri 29 Jul 14:05:19 BST 2016
Fri 29 Jul 14:05:19 BST 2016

Steve, 

Can you recall the earlier patch or should I write a fix for this?

Sachin Prabhu
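
The superblock-matching problem described in the message above, as an added user-space example that is not part of the original post and is not the kernel's code. The struct, the function names and the flag value are assumptions made for illustration; only the flag name, `prepath` and the two mount targets come from the message.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for CIFS_MOUNT_USE_PREFIX_PATH; the numeric value is constructed. */
#define USE_PREFIX_PATH 0x1u

/* Hypothetical, reduced model of the per-superblock mount data. */
struct model_sb {
    const char *share;    /* tree the session is connected to */
    unsigned int flags;
    const char *prepath;  /* path below the share root, as in cifs_sb->prepath */
};

/* Matching that never looks at prepath: two mounts of one share compare equal. */
static int match_without_prepath(const struct model_sb *old, const struct model_sb *new)
{
    return strcmp(old->share, new->share) == 0;
}

/* Matching with the requested check: flag and prepath must agree on both sides. */
static int match_with_prepath(const struct model_sb *old, const struct model_sb *new)
{
    int old_pfx = (old->flags & USE_PREFIX_PATH) != 0;
    int new_pfx = (new->flags & USE_PREFIX_PATH) != 0;

    if (strcmp(old->share, new->share) != 0)
        return 0;
    if (old_pfx != new_pfx)
        return 0;
    if (old_pfx && strcmp(old->prepath, new->prepath) != 0)
        return 0;
    return 1;
}

/* Constructed sample mounts mirroring the two mount commands in the message. */
static const struct model_sb mnt  = { "//vm140-52/test2", USE_PREFIX_PATH, "sub/dir" };
static const struct model_sb mnt2 = { "//vm140-52/test2", USE_PREFIX_PATH, "sub2" };

int main(void)
{
    printf("without prepath check: %s\n",
           match_without_prepath(&mnt, &mnt2) ? "superblock reused" : "new superblock");
    printf("with prepath check:    %s\n",
           match_with_prepath(&mnt, &mnt2) ? "superblock reused" : "new superblock");
    return 0;
}
```

A reused superblock is what makes /mnt2 show the tree of the first mount; with the prepath comparison the second mount gets its own superblock.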


