From 3bc41da7958dbc409f3768a143b3b6349edd5639 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 30 Oct 2009 10:21:43 -0400 Subject: [PATCH] mount.cifs: don't allow it to be run as setuid root program ...unless someone consciously builds it with that check disabled. Signed-off-by: Jeff Layton --- client/mount.cifs.c | 36 ++++++++++++++++++++++++++++++++++++ 1 files changed, 36 insertions(+), 0 deletions(-) diff --git a/client/mount.cifs.c b/client/mount.cifs.c index fcddaa8..fc71ebd 100644 --- a/client/mount.cifs.c +++ b/client/mount.cifs.c @@ -89,6 +89,15 @@ #define MAX_ADDRESS_LEN INET6_ADDRSTRLEN /* + * mount.cifs has not been audited for security. Thus, we strongly recommend + * that it not be installed setuid root. To make that abundantly clear, + * mount.cifs now check whether it's running setuid root and exit with an + * error if it is. If you wish to disable this check, then set the following + * #define, but please realize that you do so at your own peril. + */ +#define CIFS_DISABLE_SETUID_CHECK 0 + +/* * By default, mount.cifs follows the conventions set forth by /bin/mount * for user mounts. That is, it requires that the mount be listed in * /etc/fstab with the "user" option when run as an unprivileged user and @@ -213,6 +222,29 @@ check_mountpoint(const char *progname, char *mountpoint) return 0; } +#if CIFS_DISABLE_SETUID_CHECK +static int +check_setuid(void) +{ + return 0; +} +#else /* CIFS_DISABLE_SETUID_CHECK */ +static int +check_setuid(void) +{ + if (getuid() && !geteuid()) { + printf("This mount.cifs program has been built with the " + "ability to run as a setuid root program disabled.\n" + "mount.cifs has not been well audited for security " + "holes. Therefore the Samba team does not recommend " + "installing it as a setuid root program.\n"); + return 1; + } + + return 0; +} +#endif /* CIFS_DISABLE_SETUID_CHECK */ + #if CIFS_LEGACY_SETUID_CHECK static int check_fstab(const char *progname, char *mountpoint, char *devname, @@ -1197,6 +1229,10 @@ int main(int argc, char ** argv) struct sockaddr_in6 *addr6; FILE * pmntfile; + if (check_setuid()) { + return EX_USAGE; + } + /* setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); */ -- 1.6.2.5