From b6d2d91df012f965f29ba26489aca009712a230c Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Tue, 8 Feb 2011 15:33:09 -0500 Subject: mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2) It's possible that the user is trying to mount onto a directory to which he doesn't have execute perms. If that's the case then the mount will currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before calling mount(2). That will ensure that the kernel's permissions check for this is bypassed. Reported-by: Erik Logtenberg Signed-off-by: Jeff Layton Reviewed-by: Steve French --- mount.cifs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'mount.cifs.c') diff --git a/mount.cifs.c b/mount.cifs.c index 3a2b539..8e1e32b 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1898,8 +1898,13 @@ mount_retry: else fstype = cifs_fstype; - if (!parsed_info->fakemnt - && mount(dev_name, ".", fstype, parsed_info->flags, options)) { + if (!parsed_info->fakemnt) { + toggle_dac_capability(0, 1); + rc = mount(dev_name, ".", fstype, parsed_info->flags, options); + toggle_dac_capability(0, 0); + if (rc == 0) + goto do_mtab; + switch (errno) { case ECONNREFUSED: case EHOSTUNREACH: @@ -1934,6 +1939,7 @@ mount_retry: goto mount_exit; } +do_mtab: if (!parsed_info->nomtab && !mtab_unusable()) rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype); -- cgit v1.2.3