The Samba-Bugzilla – Attachment 14729 Details for
Bug 13699
Harden home directory export for [homes] share
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.7
eviluser.v4-7-test.patch (text/plain), 1.92 KB, created by
Andreas Schneider
on 2018-12-10 15:54:57 UTC
(
hide
)
Description:
patch for 4.7
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2018-12-10 15:54:57 UTC
Size:
1.92 KB
patch
obsolete
>From 23cafc72c48e82cffe6337d489b9cace1a748696 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 22 Nov 2018 18:23:24 +0100 >Subject: [PATCH] s3:smbd: Make sure we do not export "/" (root) as home dir >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >If "/" (root) is returned as the home directory, prevent exporting it. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Ralph Böhme <slow@samba.org> >(cherry picked from commit 99695528f7453023446956d5f8f0656574e243af) >--- > source3/param/service.c | 6 +++++- > source3/smbd/password.c | 7 +++++++ > 2 files changed, 12 insertions(+), 1 deletion(-) > >diff --git a/source3/param/service.c b/source3/param/service.c >index b21be6093d4..22f46f08894 100644 >--- a/source3/param/service.c >+++ b/source3/param/service.c >@@ -149,7 +149,11 @@ int find_service(TALLOC_CTX *ctx, const char *service_in, char **p_service_out) > DEBUG(3,("checking for home directory %s gave %s\n",*p_service_out, > phome_dir?phome_dir:"(NULL)")); > >- iService = add_home_service(*p_service_out,*p_service_out /* 'username' */, phome_dir); >+ if (!strequal(phome_dir, "/")) { >+ iService = add_home_service(*p_service_out, >+ *p_service_out, /* username */ >+ phome_dir); >+ } > } > > /* If we still don't have a service, attempt to add it as a printer. */ >diff --git a/source3/smbd/password.c b/source3/smbd/password.c >index edff5d9d2ec..831fe7628e2 100644 >--- a/source3/smbd/password.c >+++ b/source3/smbd/password.c >@@ -140,6 +140,13 @@ int register_homes_share(const char *username) > return -1; > } > >+ if (strequal(pwd->pw_dir, "/")) { >+ DBG_NOTICE("Invalid home directory defined for user '%s'\n", >+ username); >+ TALLOC_FREE(pwd); >+ return -1; >+ } >+ > DEBUG(3, ("Adding homes service for user '%s' using home directory: " > "'%s'\n", username, pwd->pw_dir)); > >-- >2.19.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14729">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
asn
:
review?
(
jra
)
Actions:
View
Attachments on
bug 13699
:
14727
|
14728
| 14729