From patchwork Fri Mar 26 14:25:42 2010
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 48651
From: Jeff Layton
To: linux-cifs-client@lists.samba.org
Date: Fri, 26 Mar 2010 10:25:42 -0400
Message-Id: <1269613542-6402-20-git-send-email-jlayton@samba.org>
In-Reply-To: <1269613542-6402-1-git-send-email-jlayton@samba.org>
References: <1269613542-6402-1-git-send-email-jlayton@samba.org>
Subject: [linux-cifs-client] [PATCH 19/19] mount.cifs: re-enable setuid usage

From: Jeff Layton

Now that mount.cifs is safe(r) we don't need to disable setuid capability by default.

Signed-off-by: Jeff Layton
--- mount.cifs.c | 45 ++++++++++++++++++--------------------------- 1 files changed, 18 insertions(+), 27 deletions(-) diff --git a/mount.cifs.c b/mount.cifs.c index bcbeb88..5eda13b 100644 --- a/mount.cifs.c +++ b/mount.cifs.c 
@@ -100,14 +100,12 @@ /* * mount.cifs has been the subject of many "security" bugs that have arisen - * because of users and distributions installing it as a setuid root program. - * mount.cifs has not been audited for security. Thus, we strongly recommend - * that it not be installed setuid root. To make that abundantly clear, - * mount.cifs now check whether it's running setuid root and exit with an - * error if it is. If you wish to disable this check, then set the following - * #define to 1, but please realize that you do so at your own peril. + * because of users and distributions installing it as a setuid root program + * before it had been audited for security holes. The default behavior is + * now to allow mount.cifs to be run as a setuid root program. Some admins + * may want to disable this fully, so this switch remains in place. */ -#define CIFS_DISABLE_SETUID_CHECK 0 +#define CIFS_DISABLE_SETUID_CAPABILITY 0 /* * When an unprivileged user runs a setuid mount.cifs, we set certain mount 
@@ -138,26 +136,24 @@ const char *cifs_fstype = "cifs"; static int parse_unc(const char *unc_name, struct parsed_mount_info *parsed_info); -#if CIFS_DISABLE_SETUID_CHECK -static int check_setuid(void) -{ - return 0; -} -#else /* CIFS_DISABLE_SETUID_CHECK */ static int check_setuid(void) { + if (geteuid()) { + fprintf(stderr, "This program is not installed setuid root - " + " \"user\" CIFS mounts not supported.\n"); + return EX_USAGE; + } + +#if CIFS_DISABLE_SETUID_CAPABILITY if (getuid() && !geteuid()) { printf("This mount.cifs program has been built with the " - "ability to run as a setuid root program disabled.\n" - "mount.cifs has not been well audited for security " - "holes. Therefore the Samba team does not recommend " - "installing it as a setuid root program.\n"); - return 1; + "ability to run as a setuid root program disabled.\n"); + return EX_USAGE; } +#endif /* CIFS_DISABLE_SETUID_CHECK */ return 0; } -#endif /* CIFS_DISABLE_SETUID_CHECK */ static int check_fstab(const char *progname, const char *mountpoint, const char *devname, @@ -1339,19 +1335,14 @@ int main(int argc, char **argv) pid_t pid; uid_t uid; - if (check_setuid()) - return EX_USAGE; + rc = check_setuid(); + if (rc) + return rc; rc = drop_capabilities(1); if (rc) return EX_SYSERR; - if (geteuid()) { - fprintf(stderr, "%s: not installed setuid root - \"user\" " - "CIFS mounts not supported.", thisprogram); - return EX_FAIL; - } - /* setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); */
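Review bot: In the first hunk (@@ -100,14 +100,12), the rewritten comment no longer says which value of the switch does what, and the rename from CIFS_DISABLE_SETUID_CHECK to CIFS_DISABLE_SETUID_CAPABILITY inverts the meaning of 1: it used to turn the refusal off and now turns it on. A packager who previously set the old macro needs to know that the new one must stay 0 to allow setuid use, so the comment should state explicitly that setting `CIFS_DISABLE_SETUID_CAPABILITY` to 1 makes mount.cifs refuse to run as a setuid root program and that 0, the default, allows it. The comment's "before it had been audited for security holes" also reads more strongly than the commit message's "safe(r)"; consider aligning the two.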
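Review bot: In the check_setuid() hunk (@@ -138,26 +136,24), the closing `#endif /* CIFS_DISABLE_SETUID_CHECK */` still names the old macro although the block is opened by `#if CIFS_DISABLE_SETUID_CAPABILITY`; the comment should be updated to match. In the same function the refusal message under that #if is still written with printf() to stdout while the new not-setuid message uses fprintf(stderr, ...); both are error paths and should go to stderr. The two adjacent string literals in the new fprintf() end and begin with a space, so the message prints a double space after "root -". Finally, the `!geteuid()` half of `getuid() && !geteuid()` is always true at that point because the earlier `if (geteuid())` has already returned, so the test can be reduced to `getuid()`.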
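Review bot: In the main() hunk (@@ -1339,19 +1335,14), the removed geteuid() block returned EX_FAIL, but the check that replaces it now lives in check_setuid() and reaches the caller as EX_USAGE through `return rc`, so the exit status for a binary that is not installed setuid root changes without being mentioned in the commit message. Either keep EX_FAIL for that case or document the change for callers that test the exit code. The removed message was also prefixed with the program name via "%s:" and `thisprogram`, which the replacement in check_setuid() drops, and the check now runs before drop_capabilities(1) instead of after it; both are worth a line in the commit message if intentional.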