smbmount and ownership of dir for mounting

Brenton Judge brenton at hkstar.com
Mon Dec 17 08:37:16 GMT 2001 

Thanks for the quick response.

Just to clarify.  /etc/fstab limits the options for non-owned directories to 
being the responsibility of root so //evil_server/evil_share case becomes a 
case of stupid root.  If this is just protected by a flag in the smbmnt code 
then can't evil programmer achieve this same result using a patched version 
of smbmnt in spite of your protection.

smbmount does I thought allow user mounts given ownership ie. 
$HOME/mymnts/winshare

How do other mounts differentiate, obviously once I have set the user flag in 
fstab is the protection only limited to mount checking fstab or do they check 
fstab independantly to verify legitimacy.  What was the argument against the 
dependency?

Thanks again for your help.

BJ

On Monday 17 December 2001 11:05 pm, Urban Widmark wrote:
> On Mon, 17 Dec 2001, Brenton Judge wrote:
> > Why can a user only mount on a directory which he owns with smbmount?
> > Surely write permission should be enough worst case and likely this too
> > should not be required.  Other mount code allow mounts to occur without
>
> Paranoia. 'smbmount //evil_server/evil_share /tmp' and now I own all the
> tempfiles created. Are you certain that no program ever creates sensitive
> data on /tmp?
>
> And if I don't need write permission, then how about
> 'smbmount //evil_server/evil_share /bin'
> "Oh look, root started a shell. Now I have a shell too."
>
> If you need to change this you can edit the mount_ok function in
> source/client/smbmnt.c. It has a test at the end that checks if getuid
> equals st_uid of the mountpoint.
>
> > ownership (for example the CD-ROM mounting to /mnt/cdrom when ANY user
> > types mount /mnt/cdrom without either ownership or write permission).  It
> > seems inconsistent.  If the problem is in mounting over other people
> > stuff then surely there should be an exception if it is listed is
> > /etc/fstab
>
> smbmount should not allow any user mounts except those that are listed in
> /etc/fstab. It should work like any other fs.
>
> It doesn't parse /etc/fstab itself and allow mounts based on that as some
> people thought adding that dependency was a bad idea.
>
> On a 2.5.something kernel, with an updated mount from a not-yet released
> util-linux and with "smbconnect" from a future samba version smbfs will be
> mounted just like any other fs. All the normal mount options will work,
> user, noauto, noexec without complaints.
>
> If you want to test this now you can, if you let me dig up the patches. I
> think I even wrote some instructions ...
>
> /Urban

More information about the samba mailing list