author | Steve French <sfrench@samba.org> | 2003-08-16 03:32:45 +0000 |
---|---|---|
committer | Steve French <sfrench@samba.org> | 2003-08-16 03:32:45 +0000 |
commit | fac0ae14813a65b868aeee8cc1b3cdc0d0d505a6 (patch) | |
tree | bd76e35114c6e7a7c54442d571e4baa59d03b3f8 /source3/client | |
parent | 3a052c9e0a62c1f8ddf4c2e509cff52a4d157d21 (diff) | |
Fixes to all mount.cifs to run more safely setuid
(This used to be commit bdb65b9a6e033ca25d98e924d44b1639dd0c0fb9)
Diffstat (limited to 'source3/client')
-rwxr-xr-x | source3/client/mount.cifs.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c
index 9592dbdf96..6bd8c0f008 100755
--- a/source3/client/mount.cifs.c
+++ b/source3/client/mount.cifs.c
@@ -32,6 +32,15 @@ static char * user_name = NULL;
 char * mountpassword = NULL;
+/* BB finish BB
+
+ cifs_umount
+ open nofollow - avoid symlink exposure?
+ get owner of dir see if matches self or if root
+ call system(umount argv) etc.
+
+BB end finish BB */
+
 void mount_cifs_usage()
 {
 printf("\nUsage: %s remotetarget dir\n", thisprogram);
@@ -446,18 +455,28 @@ int main(int argc, char ** argv)
 /* canonicalize the path in argv[1]? */
+ /* BB save off path and pop after mount returns */
+ if(chdir(mountpoint)) {
+ printf("mount error: can not change directory into mount target %s\n",mountpoint);
+ }
+
 if(stat (mountpoint, &statbuf)) {
 printf("mount error: mount point %s does not exist\n",mountpoint);
 return -1;
 }
+
 if (S_ISDIR(statbuf.st_mode) == 0) {
 printf("mount error: mount point %s is not a directory\n",mountpoint);
 return -1;
 }
- if(geteuid()) {
- printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n");
- return -1;
+ if((getuid() != 0) && (geteuid() == 0)) {
+ if((statbuf.st_uid == getuid()) && (S_IRWXU == statbuf.st_mode & S_IRWXU)) {
+ printf("setuid mount allowed\n");
+ } else {
+ printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n");
+ return -1;
+ }
 }
 ipaddr = parse_server(share_name); |
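Review bot: The planned step `call system(umount argv) etc.` in this TODO block would route caller-supplied arguments through a shell from a binary that is meant to be installed setuid, where the environment the shell inherits is also chosen by the caller. I would reword the plan before it is implemented, for example `fork + execv of an absolute umount path with an explicit argv and a sanitised environment`. The `open nofollow` and owner-check items should also say that the check and the later unmount must act on the same opened directory, otherwise the symlink exposure the comment worries about remains.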
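Review bot: The mode test `S_IRWXU == statbuf.st_mode & S_IRWXU` in the new setuid branch does not test what it appears to. `==` binds tighter than `&`, so it evaluates `(S_IRWXU == statbuf.st_mode) & S_IRWXU`, which is 0 for any directory because `st_mode` also carries the file-type bits. The branch therefore always takes the error path; it should read `(statbuf.st_mode & S_IRWXU) == S_IRWXU`. Separately, a failed `chdir(mountpoint)` only prints a message and execution continues, and the following `stat(mountpoint, &statbuf)` resolves the path a second time, so the directory whose owner is checked is not pinned to the directory that was entered. Adding `return -1;` to the chdir failure branch and checking `stat(".", &statbuf)` would tie both to one directory. main() continues outside the hunk, so confirm there what path is finally handed to the mount call; also note that when `geteuid() != 0` the old early exit and its message no longer run.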