On Wed, Jul 06, 2005 at 07:17:20PM +0900, Horms wrote:
> On Tue, Jun 07, 2005 at 07:44:25PM -0700, Steve Langasek wrote:
> > On Tue, Jun 07, 2005 at 06:42:33PM +0900, Horms wrote:
> > > On Mon, Jun 06, 2005 at 04:19:28AM -0700, Steve Langasek wrote:
> > > > reopen 310982
> > > > tags 310982 security
> > > > thanks
> > > >
> > > > samba 3.0.14a-4 didn't make the cut for sarge, so this bug is still
> > > > present in the release. That being the case, it would be far better
> > > > to fix this bug in the kernel instead of in smbfs.
> > >
> > > Hi Steve,
> > >
> > > I'm kind of trying to read your mind here, but are you thinking
> > > of just making a kernel that doesn't do SMB_CAP_UNIX at all?
> >
> > I think the best answer is for the kernel to track whether
> > uid,gid,fmask,dmask options were specified, and if so, to ignore the
> > permission info sent by the CAP_UNIX-enabled server.
> >
> > That may require changes to the ioctl interface, though; I'd have to check
> > again whether there's any distinction between not setting the option, and
> > setting the option to 0.
>
> Sorry for being slack about this. I scraped together a few moments to
> look into this. parse_options() in fs/smbfs/inode.c seems to handle
> the options parsed to a mount, and it does indeed seem to differentiate
> between an unset option and an option set to 0. I'll poke a bit further
> to find where to put your suggested hack, but I have to run now.

Hi all,

There has been a lot of discussion of how to resolve this bug,
which can be found at the following URL.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310982

I am pretty detached from this discussion, though it seems to me that
there is no particularly good solution for Sarge. But the idea of
disabling the use of CAP_UNIX if uid,gid,fmask or dmask are specified
does make sense to me. I have gone ahead and coded this up in the
surprisingly simple patch which is attached.

Samba people, my main question is, can smb_newconn() be called before
server.mnt.flags is set? If so my patch is invalid.

-- 
Horms

diff -pru kernel-source-2.4.27.orig/include/linux/smb_mount.h kernel-source-2.4.27/include/linux/smb_mount.h --- kernel-source-2.4.27.orig/include/linux/smb_mount.h 2004-02-18 22:36:32.000000000 +0900 +++ kernel-source-2.4.27/include/linux/smb_mount.h 2005-07-07 11:27:51.000000000 +0900 @@ -37,7 +37,9 @@ struct smb_mount_data { #define SMB_MOUNT_OLDATTR 0x0002 /* Use core getattr (Win 95 speedup) */ #define SMB_MOUNT_DIRATTR 0x0004 /* Use find_first for getattr */ #define SMB_MOUNT_CASE 0x0008 /* Be case sensitive */ - +#define SMB_MOUNT_NO_CAP_UNIX 0x0010 /* Hack for Debian to disable + SMB_CAP_UNIX if uid, gid, fmask + or dmask are set. See Bug#310982 */ struct smb_mount_data_kernel { int version; diff -pru kernel-source-2.4.27.orig/fs/smbfs/inode.c kernel-source-2.4.27/fs/smbfs/inode.c --- kernel-source-2.4.27.orig/fs/smbfs/inode.c 2004-02-18 22:36:31.000000000 +0900 +++ kernel-source-2.4.27/fs/smbfs/inode.c 2005-07-07 10:50:56.000000000 +0900 @@ -286,10 +286,10 @@ static struct option opts[] = { { "oldattr", SMB_MOUNT_OLDATTR, 1 }, { "dirattr", SMB_MOUNT_DIRATTR, 1 }, { "case", SMB_MOUNT_CASE, 1 }, - { "uid", 0, 'u' }, - { "gid", 0, 'g' }, - { "file_mode", 0, 'f' }, - { "dir_mode", 0, 'd' }, + { "uid", SMB_MOUNT_NO_CAP_UNIX, 'u' }, + { "gid", SMB_MOUNT_NO_CAP_UNIX, 'g' }, + { "file_mode", SMB_MOUNT_NO_CAP_UNIX, 'f' }, + { "dir_mode", SMB_MOUNT_NO_CAP_UNIX, 'd' }, { "iocharset", 0, 'i' }, { "codepage", 0, 'c' }, { "ttl", 0, 't' }, diff -pru kernel-source-2.4.27.orig/fs/smbfs/proc.c kernel-source-2.4.27/fs/smbfs/proc.c --- kernel-source-2.4.27.orig/fs/smbfs/proc.c 2005-05-19 19:29:38.000000000 +0900 +++ kernel-source-2.4.27/fs/smbfs/proc.c 2005-07-07 10:49:35.000000000 +0900 
@@ -916,7 +916,8 @@ smb_newconn(struct smb_sb_info *server, VERBOSE("LFS enabled\n"); } #ifndef CONFIG_SMB_UNIX - server->opt.capabilities &= ~SMB_CAP_UNIX; + if (!server->mnt.flags & SMB_MOUNT_NO_CAP_UNIX) + server->opt.capabilities &= ~SMB_CAP_UNIX; #endif if (server->opt.capabilities & SMB_CAP_UNIX) { struct inode *inode;
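
Review bot: In include/linux/smb_mount.h, SMB_MOUNT_NO_CAP_UNIX is given 0x0010, the next bit after SMB_MOUNT_CASE (0x0008) in the same flag word, while its own comment describes it as a Debian-only hack. If the flag list this header was taken from later gains a 0x0010 entry, the two meanings collide. Consider a bit well away from the sequentially assigned ones and say in the comment that the value is local. The hunk also deletes the blank line that separated the flag defines from struct smb_mount_data_kernel; please keep it.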
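
Review bot: In the opts[] table in fs/smbfs/inode.c, the entries that already carry a flag ("oldattr", "dirattr", "case") all have 1 in the third column, whereas the four entries changed here have an option letter ('u', 'g', 'f', 'd') there. The patch only has an effect if parse_options() ORs the second column into the mount flags for letter-valued entries too, and nothing in this hunk shows that it does. Please confirm that against parse_options(), or set SMB_MOUNT_NO_CAP_UNIX explicitly where those four letters are handled, and mention in the changelog that giving any of uid, gid, file_mode or dir_mode (including a value of 0) now turns the flag on.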
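
Review bot: In smb_newconn() in fs/smbfs/proc.c, the added test "!server->mnt.flags & SMB_MOUNT_NO_CAP_UNIX" parses as "(!server->mnt.flags) & SMB_MOUNT_NO_CAP_UNIX". The result of ! is 0 or 1 and the flag is 0x0010, so the expression is always 0 and SMB_CAP_UNIX is never cleared on this path. Parenthesising it as "!(server->mnt.flags & SMB_MOUNT_NO_CAP_UNIX)" would still be wrong, because it clears the capability when the flag is absent, the opposite of the stated goal of disabling CAP_UNIX when uid, gid, fmask or dmask are given. The test also sits inside "#ifndef CONFIG_SMB_UNIX", where the clear used to be unconditional: builds with CONFIG_SMB_UNIX never evaluate the flag, and builds without it lose the unconditional clear. Suggest leaving the #ifndef block as it was and adding after the #endif: "if (server->mnt.flags & SMB_MOUNT_NO_CAP_UNIX) server->opt.capabilities &= ~SMB_CAP_UNIX;" so that it runs before the existing "if (server->opt.capabilities & SMB_CAP_UNIX)" check.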