[Pkg-samba-maint] DO NOT REPLY [Bug 4784] New: umount.cifs allows all users to unmount shares

samba-bugs at samba.org samba-bugs at samba.org
Thu Jul 12 23:38:15 UTC 2007


           Summary: umount.cifs allows all users to unmount shares
           Product: CifsVFS
           Version: 2.6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P3
         Component: user space tools
        AssignedTo: sfrench at us.ibm.com
        ReportedBy: vorlon at debian.org

umount.cifs in 3.0.25b is assuming wrong semantics for the CIFS_IOC_CHECKUMOUNT
ioctl: the return value of ioctl() is checked for a value > 0, when the
standard error return from ioctl (and the error return in this case) is -1 with
errno set to a more descriptive value.

As a result of misinterpreting the return value, umount.cifs is allowing all
users to unmount shares mounted by any other user.  In specialized
circumstances, this could become a security hole if a user believes their mount
point is safe and the share is unmounted to expose malicious directory contents

Patch to follow.

Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the Pkg-samba-maint mailing list