summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorSteve French <sfrench@samba.org>2003-08-16 03:32:45 +0000
committerSteve French <sfrench@samba.org>2003-08-16 03:32:45 +0000
commitfac0ae14813a65b868aeee8cc1b3cdc0d0d505a6 (patch)
treebd76e35114c6e7a7c54442d571e4baa59d03b3f8 /source3
parent3a052c9e0a62c1f8ddf4c2e509cff52a4d157d21 (diff)
downloadsamba-fac0ae14813a65b868aeee8cc1b3cdc0d0d505a6.tar.gz
samba-fac0ae14813a65b868aeee8cc1b3cdc0d0d505a6.tar.bz2
samba-fac0ae14813a65b868aeee8cc1b3cdc0d0d505a6.zip
Fixes to all mount.cifs to run more safely setuid
(This used to be commit bdb65b9a6e033ca25d98e924d44b1639dd0c0fb9)
Diffstat (limited to 'source3')
-rwxr-xr-xsource3/client/mount.cifs.c25
1 files changed, 22 insertions, 3 deletions
diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c
index 9592dbdf96..6bd8c0f008 100755
--- a/source3/client/mount.cifs.c
+++ b/source3/client/mount.cifs.c
@@ -32,6 +32,15 @@ static char * user_name = NULL;
char * mountpassword = NULL;
+/* BB finish BB
+
+ cifs_umount
+ open nofollow - avoid symlink exposure?
+ get owner of dir see if matches self or if root
+ call system(umount argv) etc.
+
+BB end finish BB */
+
void mount_cifs_usage()
{
printf("\nUsage: %s remotetarget dir\n", thisprogram);
@@ -446,18 +455,28 @@ int main(int argc, char ** argv)
/* canonicalize the path in argv[1]? */
+ /* BB save off path and pop after mount returns */
+ if(chdir(mountpoint)) {
+ printf("mount error: can not change directory into mount target %s\n",mountpoint);
+ }
+
if(stat (mountpoint, &statbuf)) {
printf("mount error: mount point %s does not exist\n",mountpoint);
return -1;
}
+
if (S_ISDIR(statbuf.st_mode) == 0) {
printf("mount error: mount point %s is not a directory\n",mountpoint);
return -1;
}
- if(geteuid()) {
- printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n");
- return -1;
+ if((getuid() != 0) && (geteuid() == 0)) {
+ if((statbuf.st_uid == getuid()) && (S_IRWXU == statbuf.st_mode & S_IRWXU)) {
+ printf("setuid mount allowed\n");
+ } else {
+ printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n");
+ return -1;
+ }
}
ipaddr = parse_server(share_name);