smbmount and ownership of dir for mounting
Urban Widmark
urban at teststation.com
Mon Dec 17 11:29:03 GMT 2001
On Tue, 18 Dec 2001, Brenton Judge wrote:
> Just to clarify. /etc/fstab limits the options for non-owned directories to
> being the responsibility of root so //evil_server/evil_share case becomes a
> case of stupid root. If this is just protected by a flag in the smbmnt code
> then can't evil programmer achieve this same result using a patched version
> of smbmnt in spite of your protection.
For most filesystems /etc/fstab contains a complete list of directories
that can be mounted by a normal user. smbfs using separate rules causes
confusion and the current rule that allows you to mount on dirs you own
is going to go away (or move into mount).
smbmnt must be installed setuid root, which you can only do as root. If
you as root installs the evil programmer version of something you are
screwed anyway.
> How do other mounts differentiate, obviously once I have set the user flag in
> fstab is the protection only limited to mount checking fstab or do they check
> fstab independantly to verify legitimacy. What was the argument against the
> dependency?
The argument against is that if mount is changed then smbmount will break.
If the change makes smbmount stop work then all is well, people will
upgrade. But if the change doesn't make it stop working but perhaps cause
a security hole then people won't upgrade, unless they know about it.
Also, it is ugly compared to letting the mount program do the mounting.
It isn't that difficult to change smbmnt to check for user flags and allow
mounts based on that. However the standard samba version won't contain
that code.
/Urban
More information about the samba
mailing list