Date:      Mon, 4 Jun 2001 17:39:33 -0700 (PDT)
From:      clary@csee.uq.edu.au
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/27883: shares mounted by the smbfs-1.4.1 port are writeable by all users
Message-ID:  <200106050039.f550dXY38796@freefall.freebsd.org>


>Number:         27883
>Category:       ports
>Synopsis:       shares mounted by the smbfs-1.4.1 port are writeable by all users
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 04 17:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Clary Harridge
>Release:        FreeBSD 4.3-STABLE
>Organization:
University of Queensland
>Environment:
FreeBSD c1.csee.uq.edu.au 4.3-STABLE FreeBSD 4.3-STABLE #2: Thu May 17 09:27:27 EST 2001     root@c1.csee.uq.edu.au:/usr/src/sys/compile/C1  i386
>Description:
With smbfs-1.4.1 installed on a FreeBSD 4.3-STABLE client,
when a Samba share is mounted on the client, any user logged into
the client can write to the share mounted by mount_smbfs.


>How-To-Repeat:
/etc/fstab contains
  //clary@raid/homes      /mnt/clary      smbfs   rw,noauto,nosuid        0      0
As another user
  cd /mnt/clary
c1:/mnt/clary <tcsh> whoami
clary2
c1:/mnt/clary <tcsh> mkdir test
c1:/mnt/clary <tcsh> cp /etc/motd test
c1:/mnt/clary <tcsh> cat /etc/motd >> test/motd
test/motd: Permission denied.
c1:/mnt/clary <tcsh> rm test/motd
override rwxr-xr-x  clary/users for test/motd? y
rm: test/motd: Permission denied
c1:/mnt/clary <tcsh> ls -gl test/motd
-rwxr-xr-x  1 clary  users  1111 Jun  5 10:28 test/motd

So another user can make directories and new files 
but cannot remove or modify existing files.

It seems that the correct creation privilege is not being checked
prior to doing the create.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
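
A check for the mismatch shown in the transcript above, where `ls` reports `rwxr-xr-x` yet another user's `mkdir` succeeds: it compares a directory's mode bits with whether creation is actually refused. This is an added example, not part of the original report or of the smbfs port; the function names and the probe directory name are hypothetical, and it assumes plain mode bits with no ACLs in use.

```shell
#!/bin/sh
# Added example (not from the report): does mkdir obey a directory's mode bits?

# mode_allows_write PERMS OWNER_UID OWNER_GID UID "GIDS"
# True when the owner/group/other bits give UID write+search on the directory.
# Assumption: plain mode bits only; ACLs and MAC policies are not considered.
mode_allows_write() {
    perms=$1; owner=$2; group=$3; uid=$4; gids=$5
    if [ "$uid" = "$owner" ]; then
        bits=$(printf '%s' "$perms" | cut -c2-4)
    else
        bits=$(printf '%s' "$perms" | cut -c8-10)
        for g in $gids; do
            if [ "$g" = "$group" ]; then
                bits=$(printf '%s' "$perms" | cut -c5-7); break
            fi
        done
    fi
    case $bits in
        ?w[xst]) return 0 ;;    # s/t imply the execute bit is also set
    esac
    return 1
}

# check_create_enforced DIR
# 0: consistent; 1: bits deny write but mkdir succeeded (as in the report);
# 2: not checkable (running as root, or DIR cannot be listed).
check_create_enforced() {
    dir=$1
    [ "$(id -u)" -eq 0 ] && return 2       # root bypasses mode bits
    set -- $(ls -ldn "$dir" 2>/dev/null)   # perms links uid gid ...
    [ $# -ge 4 ] || return 2
    if mode_allows_write "$1" "$3" "$4" "$(id -u)" "$(id -G)"; then
        return 0                           # write is expected, nothing to probe
    fi
    probe="$dir/.create-probe.$$"          # hypothetical probe name
    if mkdir "$probe" 2>/dev/null; then
        rmdir "$probe" 2>/dev/null         # may fail, as rm did in the report
        return 1
    fi
    return 0
}

# Usage: sh check-create.sh /mnt/clary   (as a user other than the owner)
if [ $# -gt 0 ]; then
    check_create_enforced "$1"; rc=$?
    echo "$1: status $rc"
fi
```

Status 1 on a mounted share reproduces the condition in the report; because removal of the probe directory can be refused, a leftover `.create-probe.*` entry may need to be cleaned up by the share owner.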
