Message-Id: <200106050039.f550dXY38796@freefall.freebsd.org>
Date: Mon, 4 Jun 2001 17:39:33 -0700 (PDT)
From: clary@csee.uq.edu.au
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/27883: shares mounted by the smbfs-1.4.1 port are writeable by all users

>Number:         27883
>Category:       ports
>Synopsis:       shares mounted by the smbfs-1.4.1 port are writeable by all users
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 04 17:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Clary Harridge
>Release:        FreeBSD 4.3-STABLE
>Organization:
University of Queensland
>Environment:
FreeBSD c1.csee.uq.edu.au 4.3-STABLE FreeBSD 4.3-STABLE #2: Thu May 17 09:27:27 EST 2001 root@c1.csee.uq.edu.au:/usr/src/sys/compile/C1 i386
>Description:
With smbfs-1.4.1 installed on a FreeBSD 4.3-STABLE client, when a Samba share is mounted on the
client, any user logged into the client can write to the share mounted by mount_smbfs.
>How-To-Repeat:
/etc/fstab contains

    //clary@raid/homes /mnt/clary smbfs rw,noauto,nosuid 0 0

As another user, cd /mnt/clary

    c1:/mnt/clary whoami
    clary2
    c1:/mnt/clary mkdir test
    c1:/mnt/clary cp /etc/motd test
    c1:/mnt/clary cat /etc/motd >> test/motd
    test/motd: Permission denied.
    c1:/mnt/clary rm test/motd
    override rwxr-xr-x clary/users for test/motd? y
    rm: test/motd: Permission denied
    c1:/mnt/clary ls -gl test/motd
    -rwxr-xr-x 1 clary users 1111 Jun 5 10:28 test/motd

So another user can make directories and new files but cannot remove or modify existing files.

It seems that the correct creation privilege is not being checked prior to doing the create.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
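
Added example (not part of the original report and not code from the smbfs port): a Python check that compares what the UNIX mode bits say about creating entries in a directory with what actually happens when the calling user tries, which is the mismatch the report describes. The function names and the probe-file prefix are assumptions made for this illustration; run it as the non-owning user with the mount point as argument.

```python
import os
import stat
import sys
import tempfile


def expected_can_create(st, uid, gids):
    """Predict from the classic UNIX mode bits whether uid may create an
    entry in the directory described by st (write + search are required).
    ACLs, file flags and read-only mounts are not modelled."""
    if uid == 0:
        return True  # superuser bypasses the mode bits
    if uid == st.st_uid:
        shift = 6  # owner triad applies, with no fall-through
    elif st.st_gid in gids:
        shift = 3  # group triad
    else:
        shift = 0  # other triad
    need = stat.S_IWOTH | stat.S_IXOTH  # 0o3: write + search
    return ((st.st_mode >> shift) & need) == need


def actual_can_create(directory):
    """Probe: try to create, then remove, a file in directory."""
    try:
        fd, path = tempfile.mkstemp(prefix=".create-probe-", dir=directory)
    except OSError:
        return False
    os.close(fd)
    try:
        os.unlink(path)
    except OSError:
        pass  # the report shows removal being denied; the probe file stays
    return True


def audit(directory):
    """Return (expected, actual, mismatch) for the calling user."""
    st = os.stat(directory)
    gids = set(os.getgroups()) | {os.getegid()}
    expected = expected_can_create(st, os.geteuid(), gids)
    actual = actual_can_create(directory)
    return expected, actual, (actual and not expected)


if __name__ == "__main__":
    for d in sys.argv[1:]:
        exp, act, bad = audit(d)
        print(f"{d}: expected={exp} actual={act} {'MISMATCH' if bad else 'ok'}")
```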