On Sat, May 28, 2005 at 05:17:39AM +1000, Andrew Bartlett wrote: > On Fri, 2005-05-27 at 08:20 -0700, Steve Langasek wrote: > > reassign 310982 kernel-source-2.4.27 > > thanks
> > On Fri, May 27, 2005 at 03:14:01PM +0200, Bill Allombert wrote: > > > Package: smbfs > > > Version: 3.0.14a-1 > > > Severity: serious > > > Justification: break security on upgrade > > > Hello Debian samba maintainers, > > > smbmount does not honour the uid and gid option with the sarge 2.4 > > > kernel when the server has 'unix extensions' enabled. > > > The security problem is that 'unix extension' are not enabled with woody > > > samba > > > server but are enabled by the upgrade to sarge (since this is the > > > default). At this point the bug in smbmount on the samba client allow > > > users on the client to access the samba share with the same permission > > > they would have on the server disregarding the uid/gid option passed to > > > smbmount. > > This is a bug in the kernel, not in the userspace tools; smbmount has no say > > in whether Unix capabilities are negotiated. > Well, it can choose not to provide that capability, as for smbfs > smbmount provides the session setup. (Contrasting with the cifs vfs, > which is all in-kernel). Yeah, on second look I see that it can be done in smbmount, and this would be a far more expedient fix. > > An appropriate fix might be for the kernel to ignore the presence of > > CAP_UNIX when uid/gid options have been passed to mount. > This is also a very sensible way to handle it, and is the only 'secure' > way, given that smbmount is unprivileged. Right; long term, it'd be good if the kernel would guard against this as well. -- Steve Langasek postmodern programmer
signature.asc
Description: Digital signature
