[PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)
Sachin Prabhu
sprabhu at redhat.com
Fri Jul 29 13:11:04 UTC 2016
On Fri, 2016-06-10 at 17:16 +0200, Aurélien Aptel wrote:
> On Thu, 9 Jun 2016 21:27:34 +0200 Marcus Hoffmann
> <marcus.hoffmann at fu-berlin.de> wrote:
> >
> > Hey Aurélien,
> > with your script I can reproduce the bug locally now.
> Good.
>
> >
> > I can mount the share (which is on a Windows 8.1 vm) with a Windows
> > 7
> > PC with the restricted user account. (Even in hard mode.)
> > I can mount the share from Linux-cifs using the admin user but not
> > the
> > restricted user.
> I've moved some things around. All of the prefix path components are
> now checked for accessibility in cifs_do_mount(). This is more
> robust and it lets us set the CIFS_MOUNT_USE_PREFIX_PATH flag
> earlier.
>
> I've updated the cifs_root_iget() to use the prefix path when
> necessary
> which should take care of the last case (hard mode).
>
> Please test my latest patch (attached).
>
> >
> > (I noticed though that no user has access to the file in the shared
> > dir. But this doesn't really matter for the test.)
> Indeed.
>
Hello,
Sorry for the late reply but this has to be a NACK from me.
We need to check for CIFS_MOUNT_USE_PREFIX_PATH
and if set, check cifs_sb->prepath for both old and new
in cifs_match_super().
Else we have the following bug:
Consider 2 different mounts on a server where root access is limited. I
used the reproducer for this case but simply created a separate folder
in the root directory to which the user has access. I then attempt to
mount the 2 separate folders in 2 different locations.
# mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-
52/test2/sub/dir /mnt
# mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-
52/test2/sub2/ /mnt2
# grep mnt /proc/mounts
//vm140-52/test2/sub/dir /mnt cifs
rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0,n
oforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mode=
0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=60
,actimeo=1 0 0
//vm140-52/test2/sub2/ /mnt2 cifs
rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0,n
oforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mode=
0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=60
,actimeo=1 0 0
but since we do not compare the prepath, we end up with the same share
mounted at both mount points. This is the share mounted first.
To confirm.
# date >/mnt/test
# cat /mnt/test /mnt2/test
Fri 29 Jul 14:05:19 BST 2016
Fri 29 Jul 14:05:19 BST 2016
Steve,
Can you recall the earlier patch or should I write a fix for this?
Sachin Prabhu
More information about the samba-technical
mailing list