smbmount and ownership of dir for mounting
Brenton Judge
brenton at hkstar.com
Mon Dec 17 08:37:16 GMT 2001
Thanks for the quick response.
Just to clarify. /etc/fstab limits the options for non-owned directories to
being the responsibility of root so //evil_server/evil_share case becomes a
case of stupid root. If this is just protected by a flag in the smbmnt code
then can't evil programmer achieve this same result using a patched version
of smbmnt in spite of your protection.
smbmount does I thought allow user mounts given ownership ie.
$HOME/mymnts/winshare
How do other mounts differentiate, obviously once I have set the user flag in
fstab is the protection only limited to mount checking fstab or do they check
fstab independantly to verify legitimacy. What was the argument against the
dependency?
Thanks again for your help.
BJ
On Monday 17 December 2001 11:05 pm, Urban Widmark wrote:
> On Mon, 17 Dec 2001, Brenton Judge wrote:
> > Why can a user only mount on a directory which he owns with smbmount?
> > Surely write permission should be enough worst case and likely this too
> > should not be required. Other mount code allow mounts to occur without
>
> Paranoia. 'smbmount //evil_server/evil_share /tmp' and now I own all the
> tempfiles created. Are you certain that no program ever creates sensitive
> data on /tmp?
>
> And if I don't need write permission, then how about
> 'smbmount //evil_server/evil_share /bin'
> "Oh look, root started a shell. Now I have a shell too."
>
> If you need to change this you can edit the mount_ok function in
> source/client/smbmnt.c. It has a test at the end that checks if getuid
> equals st_uid of the mountpoint.
>
> > ownership (for example the CD-ROM mounting to /mnt/cdrom when ANY user
> > types mount /mnt/cdrom without either ownership or write permission). It
> > seems inconsistent. If the problem is in mounting over other people
> > stuff then surely there should be an exception if it is listed is
> > /etc/fstab
>
> smbmount should not allow any user mounts except those that are listed in
> /etc/fstab. It should work like any other fs.
>
> It doesn't parse /etc/fstab itself and allow mounts based on that as some
> people thought adding that dependency was a bad idea.
>
> On a 2.5.something kernel, with an updated mount from a not-yet released
> util-linux and with "smbconnect" from a future samba version smbfs will be
> mounted just like any other fs. All the normal mount options will work,
> user, noauto, noexec without complaints.
>
> If you want to test this now you can, if you let me dig up the patches. I
> think I even wrote some instructions ...
>
> /Urban
More information about the samba
mailing list