[PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)

Steve French smfrench at gmail.com
Fri Jul 29 20:20:26 UTC 2016


Let's add your fix as a follow-on patch

On Fri, Jul 29, 2016 at 8:31 AM, Sachin Prabhu <sprabhu at redhat.com> wrote:
> On Fri, 2016-07-29 at 14:11 +0100, Sachin Prabhu wrote:
>> On Fri, 2016-06-10 at 17:16 +0200, Aurélien Aptel wrote:
>> >
>> > On Thu, 9 Jun 2016 21:27:34 +0200 Marcus Hoffmann
>> > <marcus.hoffmann at fu-berlin.de> wrote:
>> > >
>> > >
>> > > Hey Aurélien,
>> > > with your script I can reproduce the bug locally now.
>> > Good.
>> >
>> > >
>> > >
>> > > I can mount the share (which is on a Windows 8.1 vm) with a Windows 7
>> > > PC with the restricted user account. (Even in hard mode.)
>> > > I can mount the share from Linux-cifs using the admin user but not the
>> > > restricted user.
>> > I've moved some things around. All of the prefix path components are
>> > now checked for accessibility in cifs_do_mount(). This is more
>> > robust and it lets us set the CIFS_MOUNT_USE_PREFIX_PATH flag earlier.
>> >
>> > I've updated the cifs_root_iget() to use the prefix path when necessary
>> > which should take care of the last case (hard mode).
>> >
>> > Please test my latest patch (attached).
>> >
>> > >
>> > >
>> > > (I noticed though that no user has access to the file in the shared
>> > > dir. But this doesn't really matter for the test.)
>> > Indeed.
>> >
>>
>> Hello,
>>
>> Sorry for the late reply but this has to be a NACK from me.
>>
>> We need to check for CIFS_MOUNT_USE_PREFIX_PATH
>> and if set, check cifs_sb->prepath for both old and new
>> in cifs_match_super().
>>
>> Else we have the following bug:
>>
>> Consider 2 different mounts on a server where root access is limited. I
>> used the reproducer for this case but simply created a separate folder
>> in the root directory to which the user has access. I then attempt to
>> mount the 2 separate folders in 2 different locations.
>>
>> # mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-52/test2/sub/dir /mnt
>> # mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-52/test2/sub2/ /mnt2
>>
>> # grep mnt /proc/mounts
>> //vm140-52/test2/sub/dir /mnt cifs rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mode=0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=60,actimeo=1 0 0
>> //vm140-52/test2/sub2/ /mnt2 cifs rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mode=0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=60,actimeo=1 0 0
>>
>> but since we do not compare the prepath, we end up with the same share
>> mounted at both mount points. This is the share mounted first.
>>
>> To confirm.
>>
>> # date >/mnt/test
>> # cat /mnt/test /mnt2/test
>> Fri 29 Jul 14:05:19 BST 2016
>> Fri 29 Jul 14:05:19 BST 2016
>>
>> Steve,
>>
>> Can you recall the earlier patch or should I write a fix for this?
>>
>> Sachin Prabhu
>
> This bug in the patch was masked by another issue which was fixed by the patch
>
> cifs: unbreak TCP session reuse
> by Rabin Vincent which has been posted to go into upstream at the same
> time as this patch.
>
> Sachin Prabhu



-- 
Thanks,

Steve
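
Added example, not part of the thread or the attached patch: a user-space C model of the superblock matching problem Sachin describes, using the two mounts from his reproducer. The struct, the function names and the flag value are assumptions; only `CIFS_MOUNT_USE_PREFIX_PATH` and the `prepath` field name come from the messages above.

```c
/* Added example: simplified user-space model, not the kernel's cifs code. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CIFS_MOUNT_USE_PREFIX_PATH 0x1  /* flag name from the thread; value constructed */

struct sb_model {                 /* hypothetical stand-in for the per-mount cifs_sb */
    const char *share;            /* share the tree connect points at */
    unsigned int flags;
    const char *prepath;          /* path below the share root, NULL if unused */
};

/* Behaviour the NACK describes: the prefix path is never compared. */
static bool match_ignoring_prepath(const struct sb_model *old, const struct sb_model *new)
{
    return strcmp(old->share, new->share) == 0;
}

/* Check the NACK asks for: when the flag is set, old and new must agree on
 * prepath. Treating a flag mismatch as "no match" is an assumption here. */
static bool match_with_prepath(const struct sb_model *old, const struct sb_model *new)
{
    bool old_pfx = (old->flags & CIFS_MOUNT_USE_PREFIX_PATH) != 0;
    bool new_pfx = (new->flags & CIFS_MOUNT_USE_PREFIX_PATH) != 0;

    if (!match_ignoring_prepath(old, new) || old_pfx != new_pfx)
        return false;
    if (!old_pfx)
        return true;              /* neither mount uses a prefix path */
    return old->prepath && new->prepath && strcmp(old->prepath, new->prepath) == 0;
}

/* Constructed sample mounts mirroring the two commands quoted in the thread. */
static const struct sb_model mnt  = { "//vm140-52/test2", CIFS_MOUNT_USE_PREFIX_PATH, "sub/dir" };
static const struct sb_model mnt2 = { "//vm140-52/test2", CIFS_MOUNT_USE_PREFIX_PATH, "sub2" };

int main(void)
{
    printf("ignoring prepath: /mnt2 reuses /mnt superblock = %d\n",
           match_ignoring_prepath(&mnt, &mnt2));
    printf("with prepath:     /mnt2 reuses /mnt superblock = %d\n",
           match_with_prepath(&mnt, &mnt2));
    return 0;
}
```
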



More information about the samba-technical mailing list