rpms/cifs-utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

mount.cifs: reenable CAP_DAC_READ_SEARCH when mounting (bz# 675761)

Browse Source
This commit is contained in:
Jeff Layton 2011-02-08 15:08:59 -05:00
parent 09d8402d16
commit fe63fa41af
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cifs-utils.spec
View File

@ -3,7 +3,7 @@
Name: cifs-utils Name: cifs-utils
Version: 4.8.1 Version: 4.8.1
Release: 3%{pre_release}%{?dist} Release: 4%{pre_release}%{?dist}
Summary: Utilities for mounting and managing CIFS mounts Summary: Utilities for mounting and managing CIFS mounts
Group: System Environment/Daemons Group: System Environment/Daemons
@ -17,6 +17,7 @@ BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel a
Requires: keyutils Requires: keyutils
Patch0: mount.cifs-don-t-try-to-alter-mtab-if-it-s-a-symlink.patch Patch0: mount.cifs-don-t-try-to-alter-mtab-if-it-s-a-symlink.patch
Patch1: mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch
%description %description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed The SMB/CIFS protocol is a standard file sharing protocol widely deployed
@ -29,6 +30,7 @@ file system.
%prep %prep
%setup -q -n %{name}-%{version}%{pre_release} %setup -q -n %{name}-%{version}%{pre_release}
%patch0 -p1 %patch0 -p1
%patch1 -p1
%build %build
%configure --prefix=/usr %configure --prefix=/usr
@ -50,6 +52,9 @@ rm -rf %{buildroot}
%{_mandir}/man8/mount.cifs.8.gz %{_mandir}/man8/mount.cifs.8.gz
%changelog %changelog
* Tue Feb 08 2011 Jeff Layton <jlayton@redhat.com> 4.8.1-4
- mount.cifs: reenable CAP_DAC_READ_SEARCH when mounting (bz# 675761)
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.8.1-3 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

48
mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch Normal file
View File

@ -0,0 +1,48 @@
From 13a8647625d556e583abaff4ab248e465374f914 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@samba.org>
Date: Tue, 8 Feb 2011 15:01:37 -0500
Subject: [PATCH] mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2)
It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.
Reported-by: Erik Logtenberg <erik@logtenberg.eu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
---
mount.cifs.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/mount.cifs.c b/mount.cifs.c
index 3a2b539..8e1e32b 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1898,8 +1898,13 @@ mount_retry:
else
fstype = cifs_fstype;
- if (!parsed_info->fakemnt
- && mount(dev_name, ".", fstype, parsed_info->flags, options)) {
+ if (!parsed_info->fakemnt) {
+ toggle_dac_capability(0, 1);
+ rc = mount(dev_name, ".", fstype, parsed_info->flags, options);
+ toggle_dac_capability(0, 0);
+ if (rc == 0)
+ goto do_mtab;
+
switch (errno) {
case ECONNREFUSED:
case EHOSTUNREACH:
@@ -1934,6 +1939,7 @@ mount_retry:
goto mount_exit;
}
+do_mtab:
if (!parsed_info->nomtab && !mtab_unusable())
rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype);
--
1.7.4