[Pkg-samba-maint] Bug#431661: Bug#431661: smbmount options uid=, gid= stopped working after upgrading smbfs to version 3.0.25b-1+b1

Steve Langasek vorlon at debian.org
Sun Jul 8 22:50:58 UTC 2007


Hi Ian,

On Thu, Jul 05, 2007 at 09:55:16AM +1000, Ian MacKinnell wrote:
> Here is the xterm output when I mount a remote host and then run ls -la 
> on the mount point:

> ianma at ianma:~$ smbmount //frodo/ianma ~/tmp -o uid=ianma,gid=users
> Password:
> ianma at ianma:~$ ls -la ~/tmp
> total 24
> drwxr-xr-x  1 root  root  4096 2007-07-05 09:12 .
> drwxr-xr-x 68 ianma users 4096 2007-07-04 16:28 ..
> -rw-------  1  1039 users   99 2007-06-15 13:20 .bash_history
> -rw-r--r--  1  1039 users  220 2006-12-12 08:20 .bash_logout
> -rw-r--r--  1  1039 users  414 2006-12-12 08:20 .bash_profile
> -rw-r--r--  1  1039 users 2227 2007-06-15 13:19 .bashrc
> drwxr-xr-x  1  1039 users    0 2007-06-15 13:20 .mc
> ianma at ianma:~$

> (Note: user 1039 is the uid for "ianma" on the remote Samba server)

Thanks, this makes it pretty clear to me what's going on.

First of all, from a security perspective, it's important that the suid-root
mounting script (smbmount+smbmnt) not be usable by the mounting user to
gain privileges he doesn't otherwise have.  This /possibly/ means that the
user should not be allowed to specify arbitrary uid,gid settings when
mounting.  It also *definitely* means that the user should not be able to
use smbmount to mount filesystems with full Unix extensions -- you do *not*
want a user to have a copy of /dev/hda that they own, or a copy of /bin/sh
that's suid root!

Now, it looks like the current behavior of smbmount is a result of the added
patch, missing_userspace_bugzilla999.  If I drop this patch from samba
3.0.25b-1 and rebuild, the resulting smbmount gives me mounts with the
current user's uid, regardless of server permissions and regardless of uid
options passed on the commandline.

So it looks like a bug in this patch.  I'll try to see what's up with it.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/
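
Added example, not part of the original message or of the Samba package: a check that reads a mount table in /proc/mounts format and reports smbfs/cifs mounts lacking nosuid or nodev, the options that keep setuid files and device nodes on a user-mounted share from being honoured. The sample mount lines, share names and function names are constructed for illustration.

```python
import re

NETWORK_FS = {"smbfs", "cifs"}   # filesystem types to audit
REQUIRED = {"nosuid", "nodev"}   # options that neutralise suid files and device nodes

# Constructed sample in /proc/mounts format (not taken from the bug report).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
//frodo/ianma /home/ianma/tmp smbfs rw,uid=1000,gid=100 0 0
//files/pub /mnt/pub cifs rw,nosuid,nodev,uid=1000 0 0
//files/my\\040docs /mnt/my\\040docs cifs rw,nosuid 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def risky_mounts(mounts_text):
    """Return [(mountpoint, fstype, sorted missing options)] for network mounts."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        mountpoint, fstype = _unescape(fields[1]), fields[2]
        options = set(fields[3].split(","))
        missing = REQUIRED - options
        if fstype in NETWORK_FS and missing:
            findings.append((mountpoint, fstype, sorted(missing)))
    return findings

if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MOUNTS  # fall back to the constructed sample
    for mountpoint, fstype, missing in risky_mounts(text):
        print(f"{mountpoint} ({fstype}): missing {','.join(missing)}")
```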



