diff options
| author | Jeff Layton <jlayton@samba.org> | 2012-04-02 15:28:56 -0400 |
|---|---|---|
| committer | Jeff Layton <jlayton@samba.org> | 2012-04-02 15:28:56 -0400 |
| commit | fd31a7c0ba7f1282d2d81193d4d100fdc926b99b (patch) | |
| tree | df6289dce94b47584638d0134bea85ee7eb0c524 /doc | |
| parent | c5dcf26c0d87d9e8342d2c946e039066de29d30a (diff) | |
| download | cifs-utils-fd31a7c0ba7f1282d2d81193d4d100fdc926b99b.tar.gz cifs-utils-fd31a7c0ba7f1282d2d81193d4d100fdc926b99b.tar.bz2 cifs-utils-fd31a7c0ba7f1282d2d81193d4d100fdc926b99b.zip | |
mount.cifs: don't allow unprivileged users to mount onto dirs to which they
can't chdir
If mount.cifs is installed as a setuid root program, then a user can
use it to gather information about files and directories to which he
does not have access.
One of the first things that mount.cifs does is to chdir() into the
mountpoint and then proceeds to perform the mount onto ".". A malicious
user could exploit this fact to determine information about directories
to which he does not have access. Specifically, whether the dentry in
question is a file or directory and whether it exists at all.
This patch fixes this by making the program switch the fsuid to the
real uid for unprivileged users when mounting.
Note that this is a behavior change. mount.cifs has in the past allowed
users to mount onto any directory as long as it's listed in /etc/fstab
as a user mount. With this change, the user must also be able to chdir
into the mountpoint without needing special privileges. Hopefully not
many people have such a pathological configuration.
This patch should fix CVE-2012-1586.
Reported-by: Jesus Olmos <jesus.olmos@blueliv.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions