From 0522ef4ec04b0a24cd8adc660cfc24f384489c18 Mon Sep 17 00:00:00 2001
From: Jeff Layton
Date: Wed, 28 Mar 2012 11:18:59 -0400
Subject: [PATCH] mount.cifs: don't enable CAP_DAC_READ_SEARCH before chdir for non-root users

An attacker could use the fact that we chdir into the mountpoint early with elevated privileges in order to gather information about dentries that live in directories to which he has no access. In order to prevent that, don't reacquire CAP_DAC_READ_SEARCH prior to doing the chdir() if the real uid is non-root. This should prevent any information disclosure when mount.cifs is built with support for capabilities, but distros that don't have that will still be vulnerable and should probably not install mount.cifs setuid root.

Signed-off-by: Jeff Layton
---
 mount.cifs.c | 18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/mount.cifs.c b/mount.cifs.c
index c0aea35..9aa4a73 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1953,9 +1953,12 @@ int main(int argc, char **argv)
 mountpoint = argv[optind + 1];
 
 /* chdir into mountpoint as soon as possible */
- rc = toggle_dac_capability(0, 1);
- if (rc)
- return rc;
+ if (!getuid()) {
+ rc = toggle_dac_capability(0, 1);
+ if (rc)
+ return rc;
+ }
+
 rc = chdir(mountpoint);
 if (rc) {
 fprintf(stderr, "Couldn't chdir to %s: %s\n", mountpoint,
@@ -1971,9 +1974,12 @@ int main(int argc, char **argv)
 rc = EX_SYSERR;
 goto mount_exit;
 }
- rc = toggle_dac_capability(0, 0);
- if (rc)
- return rc;
+
+ if (!getuid()) {
+ rc = toggle_dac_capability(0, 0);
+ if (rc)
+ return rc;
+ }
 
 /*
 * mount.cifs does privilege separation. Most of the code to handle
--
1.7.7.6
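Review bot: The reason the capability is no longer re-acquired for a non-root invoker exists only in the commit message; the new `if (!getuid()) {` line in this hunk (and its twin in the second hunk) should carry a why-comment so the next maintainer does not "simplify" it away, e.g. `/* A non-root invoker must chdir with its own DAC rights: holding CAP_DAC_READ_SEARCH here would reveal whether path components exist inside directories the caller cannot search. */`. The real-uid test is also evaluated independently at the enable site and the disable site; hoisting it once, e.g. `const int invoker_is_root = (getuid() == 0);` near the top of main and testing that flag at both places, keeps the enable/disable pair from drifting apart if either block is edited later. main() starts and ends outside both hunks.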
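Review bot: The re-added `return rc;` on a failed `toggle_dac_capability(0, 0)` exits main directly, while the lines immediately above it in this hunk report EX_SYSERR via `goto mount_exit;`; the mount_exit label is outside the hunk, so I cannot see whether it releases anything acquired before this point, but if it does, a failed capability drop skips that cleanup. If toggle_dac_capability already returns an EX_* code, `goto mount_exit;` in place of `return rc;` would keep the two failure paths consistent; otherwise the two-line form `rc = EX_SYSERR; goto mount_exit;` matches the surrounding style. The same pattern appears at the enable site in the first hunk.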