[Pkg-samba-maint] Bug#699673: smbfs is completely unsecured !
yellowprotoss
yellowprotoss at gmail.com
Sun Feb 3 10:28:03 UTC 2013
Package: smbfs
Version: 2:4.5-2+squeeze1
Severity: important
Hi,
the best of the best is to add a password in plain text into the /etc/fstab of a machine.
If you think further, it leaves a lot of ways to get the samba password of a user - rapidly, and pretty simply for any hackers.
I would recommend you do something.
Please put this package in SID. It cannot be like that.
I give you the great how to that leaves a beautiful breach ...
SAMBA is brilliant. But tools
Kind regards
Install smbclient from the Official Repositories.
To list public shares on a server:
$ smbclient -L <hostname> -U%
Create a mount point for the share:
# mkdir /mnt/MOUNTPOINT
Mount the share using the mount.cifs type. Not all the options listed below are needed or desirable (i.e. password).
# mount -t cifs //SERVER/SHARENAME /mnt/MOUNTPOINT -o user=USERNAME,password=PASSWORD,workgroup=WORKGROUP,ip=SERVERIP
SERVER
The Windows system name.
SHARENAME
The shared directory.
MOUNTPOINT
The local directory where the share will be mounted.
-o [options]
See man mount.cifs for more information:
Note: Abstain from using a trailing /. //SERVER/SHARENAME/ will not work.
Add Share to /etc/fstab
The simplest way to add an fstab entry is something like this:
/etc/fstab
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,username=USER,password=PASSWORD,workgroup=WORKGROUP,ip=SERVERIP 0 0
However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and chmod 600 <filename> so only the owning user can read and write to it. It should contain the following information:
/path/to/credentials/sambacreds
username=USERNAME
password=PASSWORD
and the line in your fstab should look something like this:
/etc/fstab
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,username=USER,credentials=/path/to/credentials/sambacreds,workgroup=WORKGROUP,ip=SERVERIP 0 0
If using systemd (modern installations), one can utilize the comment=systemd.automount option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing uid and gid options:
/etc/fstab
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,credentials=/path/to/smbcredentials,comment=systemd.automount,uid=USERNAME,gid=USERGROUP 0 0
source:
https://wiki.archlinux.org/index.php/Samba
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages smbfs depends on:
ii cifs-utils 2:4.5-2+squeeze1 Common Internet File System utilit
smbfs recommends no packages.
smbfs suggests no packages.
-- no debconf information
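
Added example, not part of the original report and not code from cifs-utils or the Arch wiki: a small auditor for the two fstab forms quoted in the message, flagging cifs entries that carry an inline password and credentials files that are accessible beyond their owner. The sample fstab, the function names and the finding strings are constructed for illustration.

```python
import os
import stat

# Constructed sample, modelled on the fstab lines quoted in the report.
SAMPLE_FSTAB = """\
//SERVER/SHARENAME /mnt/A cifs noauto,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
//SERVER/SHARENAME /mnt/B cifs noauto,credentials=/path/to/credentials/sambacreds 0 0
/dev/sda1 / ext4 errors=remount-ro 0 1
"""

def parse_options(field):
    """Split an fstab option field into a dict (bare flags map to None)."""
    opts = {}
    for item in field.split(","):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else None
    return opts

def audit_fstab(text, stat_fn=os.stat):
    """Return (mountpoint, finding) tuples for cifs/smbfs entries in text."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, comments and non-SMB filesystems.
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] not in ("cifs", "smbfs"):
            continue
        mountpoint, opts = fields[1], parse_options(fields[3])
        # mount.cifs accepts both "password" and "pass" for the inline secret.
        if "password" in opts or "pass" in opts:
            findings.append((mountpoint, "inline password in fstab"))
        cred = opts.get("credentials") or opts.get("cred")
        if not cred:
            continue
        try:
            mode = stat.S_IMODE(stat_fn(cred).st_mode)
        except OSError:
            findings.append((mountpoint, "credentials file missing: " + cred))
            continue
        if mode & 0o077:  # any group/other bit set, i.e. looser than chmod 600
            findings.append((mountpoint, "credentials file mode %04o grants group/other access" % mode))
    return findings

if __name__ == "__main__":
    for mountpoint, finding in audit_fstab(SAMPLE_FSTAB):
        print(mountpoint, finding)
```

To audit a real system, pass the contents of /etc/fstab to audit_fstab() and run it as a user able to stat the credentials files.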