[cifs-utils/f14/master] mount.cifs: reenable CAP_DAC_READ_SEARCH when mounting (bz# 675761)
Jeff Layton
jlayton at fedoraproject.org
Tue Feb 8 20:19:07 UTC 2011
commit 62040d2036723ef4bcfecfa462d2a2b107b2b917
Author: Jeff Layton <jlayton at redhat.com>
Date: Tue Feb 8 15:08:59 2011 -0500
mount.cifs: reenable CAP_DAC_READ_SEARCH when mounting (bz# 675761)
cifs-utils.spec | 7 +++-
...reacquire-CAP_DAC_READ_SEARCH-before-call.patch | 48 ++++++++++++++++++++
2 files changed, 54 insertions(+), 1 deletions(-)
---
diff --git a/cifs-utils.spec b/cifs-utils.spec
index a8c00f4..1a1036d 100644
--- a/cifs-utils.spec
+++ b/cifs-utils.spec
@@ -3,7 +3,7 @@
Name: cifs-utils
Version: 4.8.1
-Release: 3%{pre_release}%{?dist}
+Release: 4%{pre_release}%{?dist}
Summary: Utilities for mounting and managing CIFS mounts
Group: System Environment/Daemons
@@ -17,6 +17,7 @@ BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel a
Requires: keyutils
Patch0: mount.cifs-don-t-try-to-alter-mtab-if-it-s-a-symlink.patch
+Patch1: mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch
%description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
@@ -29,6 +30,7 @@ file system.
%prep
%setup -q -n %{name}-%{version}%{pre_release}
%patch0 -p1
+%patch1 -p1
%build
%configure --prefix=/usr
@@ -50,6 +52,9 @@ rm -rf %{buildroot}
%{_mandir}/man8/mount.cifs.8.gz
%changelog
+* Tue Feb 08 2011 Jeff Layton <jlayton at redhat.com> 4.8.1-4
+- mount.cifs: reenable CAP_DAC_READ_SEARCH when mounting (bz# 675761)
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
diff --git a/mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch b/mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch
new file mode 100644
index 0000000..657b319
--- /dev/null
+++ b/mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch
@@ -0,0 +1,48 @@
+From 13a8647625d556e583abaff4ab248e465374f914 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton at samba.org>
+Date: Tue, 8 Feb 2011 15:01:37 -0500
+Subject: [PATCH] mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2)
+
+It's possible that the user is trying to mount onto a directory to which
+he doesn't have execute perms. If that's the case then the mount will
+currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
+calling mount(2). That will ensure that the kernel's permissions check
+for this is bypassed.
+
+Reported-by: Erik Logtenberg <erik at logtenberg.eu>
+Signed-off-by: Jeff Layton <jlayton at samba.org>
+---
+ mount.cifs.c | 10 ++++++++--
+ 1 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 3a2b539..8e1e32b 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -1898,8 +1898,13 @@ mount_retry:
+ else
+ fstype = cifs_fstype;
+
+- if (!parsed_info->fakemnt
+- && mount(dev_name, ".", fstype, parsed_info->flags, options)) {
++ if (!parsed_info->fakemnt) {
++ toggle_dac_capability(0, 1);
++ rc = mount(dev_name, ".", fstype, parsed_info->flags, options);
++ toggle_dac_capability(0, 0);
++ if (rc == 0)
++ goto do_mtab;
++
+ switch (errno) {
+ case ECONNREFUSED:
+ case EHOSTUNREACH:
+@@ -1934,6 +1939,7 @@ mount_retry:
+ goto mount_exit;
+ }
+
++do_mtab:
+ if (!parsed_info->nomtab && !mtab_unusable())
+ rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype);
+
+--
+1.7.4
+
More information about the scm-commits
mailing list