[PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)

Aurélien Aptel aaptel at suse.com
Fri Jun 10 15:16:49 UTC 2016


On Thu, 9 Jun 2016 21:27:34 +0200 Marcus Hoffmann
<marcus.hoffmann at fu-berlin.de> wrote:
> Hey Aurélien,
> with your script I can reproduce the bug locally now.

Good.

> I can mount the share (which is on a Windows 8.1 vm) with a Windows 7
> PC with the restricted user account. (Even in hard mode.)
> I can mount the share from Linux-cifs using the admin user but not the
> restricted user.

I've moved some things around. All of the prefix path components are
now checked for accessibility in cifs_do_mount(). This is more
robust and it lets us set the CIFS_MOUNT_USE_PREFIX_PATH flag earlier.

I've updated the cifs_root_iget() to use the prefix path when necessary
which should take care of the last case (hard mode).

Please test my latest patch (attached).

> (I noticed though that no user has access to the file in the shared
> dir. But this doesn't really matter for the test.)

Indeed.

-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
Nürnberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fs-cifs-make-share-unaccessible-at-root-level-mounta.patch
Type: text/x-patch
Size: 7553 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160610/6f1012da/0001-fs-cifs-make-share-unaccessible-at-root-level-mounta.bin>