
Samba: No mount as user.

Posted by coldtobi | 5 Apr, 2010, 22:48

For security reasons (CVE-2009-2948), Samba ceases to support a setuid mount.cifs, at least until a proper fix has been produced. (I saw patches for this, but at least in Debian they are not or defunct.) Patches: http://archives.free.net.ph/message/20100326.142523.e959e38d.en.html, details of the problem: http://www.samba.org/samba/security/CVE-2009-2948.html

(IMHO the CVE is valid, but only makes sense in a multi-user environment and if you want to store your passwords in some files. Both are false for me.)

However, I need a working system. The other option is waiting until upstream decides what's better for me -- a security problem not touching my Samba usage, or no service at all. (Yes, I'm a little upset by this -- hit cold by this "improvement" and finding out that they indeed chose a way to "fix" it by disabling the execution at all. When I read the CVE notice from Samba, it could also be done to disable the offending "information leaking" command options when run setuid... Well.)

Well *taking deep breath* let's stop ranting:


The quick-and-dirty do-as-before repair is to disable the setuid check. 

To do this on Debian, fetch the source with apt-get source cifs-utils (and install the build dependencies as well), then edit the mount.cifs.c file at line 88 so it reads:


dpkg-buildpackage -us -uc

and install the generated package, and enjoy your working-again version.
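
Whether the rebuilt binary matters on a given host depends on the two conditions named above: a setuid mount.cifs and passwords kept in credentials files. The following is an added example, not code from the original post: it checks both conditions. The function names and the default paths /sbin/mount.cifs and /etc/fstab are assumptions, and stat -c needs GNU coreutils.

```shell
#!/bin/sh
# Added example: audit the two conditions discussed in the post.
# Paths are arguments so the functions can run on constructed test files.

# Succeeds if the given binary carries the setuid bit.
has_setuid_bit() {
    [ -u "$1" ]
}

# Print the credentials file of every cifs/smbfs entry in an fstab-format file.
cifs_credential_files() {
    awk '$1 !~ /^#/ && ($3 == "cifs" || $3 == "smbfs") {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] ~ /^(credentials|cred)=/) {
                     sub(/^[^=]*=/, "", opt[i]); print opt[i]
                 }
         }' "$1"
}

# Print credentials files whose mode grants any access to group or others.
loose_credential_files() {
    cifs_credential_files "$1" | while IFS= read -r f; do
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f") || continue   # GNU stat (assumption)
        case "$mode" in
            *00|0) ;;            # e.g. 600 or 400: owner only
            *)     printf '%s (mode %s)\n' "$f" "$mode" ;;
        esac
    done
}

# Report for one host; the defaults are assumed locations, override as needed.
audit_mount_cifs() {
    bin=${1:-/sbin/mount.cifs}; fstab=${2:-/etc/fstab}
    if has_setuid_bit "$bin"; then
        echo "$bin is setuid (user mounts enabled)"
    else
        echo "$bin is not setuid"
    fi
    loose_credential_files "$fstab"
}
```

Source the file and call audit_mount_cifs, optionally with a binary path and an fstab path; any file it lists should be restricted with chmod 600.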

