[PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)
Sachin Prabhu
sprabhu at redhat.com
Fri Jul 29 13:31:47 UTC 2016
On Fri, 2016-07-29 at 14:11 +0100, Sachin Prabhu wrote:
> On Fri, 2016-06-10 at 17:16 +0200, Aurélien Aptel wrote:
> >
> > On Thu, 9 Jun 2016 21:27:34 +0200 Marcus Hoffmann
> > <marcus.hoffmann at fu-berlin.de> wrote:
> > >
> > >
> > > Hey Aurélien,
> > > with your script I can reproduce the bug locally now.
> > Good.
> >
> > >
> > >
> > > I can mount the share (which is on a Windows 8.1 vm) with a
> > > Windows
> > > 7
> > > PC with the restricted user account. (Even in hard mode.)
> > > I can mount the share from Linux-cifs using the admin user but
> > > not
> > > the
> > > restricted user.
> > I've moved some things around. All of the prefix path components
> > are
> > now checked for accessibility in cifs_do_mount(). This is more
> > robust and it lets us set the CIFS_MOUNT_USE_PREFIX_PATH flag
> > earlier.
> >
> > I've updated the cifs_root_iget() to use the prefix path when
> > necessary
> > which should take care of the last case (hard mode).
> >
> > Please test my latest patch (attached).
> >
> > >
> > >
> > > (I noticed though that no user has access to the file in the
> > > shared
> > > dir. But this doesn't really matter for the test.)
> > Indeed.
> >
>
> Hello,
>
> Sorry for the late reply but this has to be a NACK from me.
>
> We need to check for CIFS_MOUNT_USE_PREFIX_PATH
> and if set, check cifs_sb->prepath for both old and new
> in cifs_match_super().
>
> Else we have the following bug:
>
> Consider 2 different mounts on a server where root access is limited.
> I
> used the reproducer for this case but simply created a separate
> folder
> in the root directory to which the user has access. I then attempt to
> mount the 2 separate folders in 2 different locations.
>
> # mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-
> 52/test2/sub/dir /mnt
> # mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-
> 52/test2/sub2/ /mnt2
>
> # grep mnt /proc/mounts
> //vm140-52/test2/sub/dir /mnt cifs
> rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0
> ,n
> oforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mod
> e=
> 0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=
> 60
> ,actimeo=1 0 0
> //vm140-52/test2/sub2/ /mnt2 cifs
> rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0
> ,n
> oforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mod
> e=
> 0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=
> 60
> ,actimeo=1 0 0
>
> but since we do not compare the prepath, we end up with the same
> share
> mounted at both mount points. This is the share mounted first.
>
> To confirm.
>
> # date >/mnt/test
> # cat /mnt/test /mnt2/test
> Fri 29 Jul 14:05:19 BST 2016
> Fri 29 Jul 14:05:19 BST 2016
>
> Steve,
>
> Can you recall the earlier patch or should I write a fix for this?
>
> Sachin Prabhu
This bug in the patch was masked by another issue which was fixed by
the patch
cifs: unbreak TCP session reuse
by Rabin Vincent which has been posted to go into upstream at the same
time as this patch.
Sachin Prabhu
More information about the samba-technical
mailing list