[Pkg-samba-maint] DO NOT REPLY [Bug 4784] New: umount.cifs allows all users to unmount shares
samba-bugs at samba.org
Thu Jul 12 23:38:15 UTC 2007
https://bugzilla.samba.org/show_bug.cgi?id=4784
Summary: umount.cifs allows all users to unmount shares
Product: CifsVFS
Version: 2.6
Platform: All
OS/Version: Linux
Status: NEW
Severity: major
Priority: P3
Component: user space tools
AssignedTo: sfrench at us.ibm.com
ReportedBy: vorlon at debian.org
umount.cifs in 3.0.25b is assuming wrong semantics for the CIFS_IOC_CHECKUMOUNT
ioctl: the return value of ioctl() is checked for a value > 0, when the
standard error return from ioctl (and the error return in this case) is -1 with
errno set to a more descriptive value.

As a result of misinterpreting the return value, umount.cifs is allowing all
users to unmount shares mounted by any other user. In specialized
circumstances, this could become a security hole if a user believes their mount
point is safe and the share is unmounted to expose malicious directory contents
below.

Patch to follow.
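The return-value mistake described in the report, shown as an added example that is not part of the original message, the promised patch, or the Samba source: a check that only treats `rc > 0` as refusal, beside one that honours the standard `-1` plus `errno` convention. The function `sim_checkumount`, its owner-only rule, the `EACCES` errno and the sample uids are constructed stand-ins for the real ioctl so the block runs without a CIFS mount.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-in for the ownership-check ioctl. It follows the
 * standard ioctl() convention the report describes: 0 on success, -1 with
 * errno set on refusal. EACCES and the owner-only rule are assumptions. */
static int sim_checkumount(uid_t caller, uid_t mount_owner)
{
    if (caller == mount_owner)
        return 0;
    errno = EACCES;
    return -1;
}

/* Check as described in the report: only rc > 0 counts as refusal, so the
 * real error return (-1) falls through and the unmount is allowed. */
int may_unmount_flawed(uid_t caller, uid_t mount_owner)
{
    int rc = sim_checkumount(caller, mount_owner);
    if (rc > 0)
        return 0;
    return 1;
}

/* Corrected check: a negative return is a refusal, and errno says why. */
int may_unmount_checked(uid_t caller, uid_t mount_owner, int *why)
{
    errno = 0;
    int rc = sim_checkumount(caller, mount_owner);
    if (rc < 0) {
        *why = errno;   /* keep the reason for the caller's error message */
        return 0;
    }
    *why = 0;
    return 1;
}

int main(void)
{
    int why;
    uid_t owner = 1000, other = 1001;   /* constructed sample uids */
    printf("flawed:  other user allowed = %d\n", may_unmount_flawed(other, owner));
    printf("checked: other user allowed = %d\n", may_unmount_checked(other, owner, &why));
    printf("checked: owner allowed      = %d\n", may_unmount_checked(owner, owner, &why));
    return 0;
}
```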