Samba: No mount as user.
Posted by coldtobi | 5 Apr, 2010, 22:48

For security reasons (CVE-2009-2948) Samba ceases to support a setuid mount.cifs. Until at least a proper fix has been generated (saw patches for them, but at least in Debian they are not or defunct) (Patches: http://archives.free.net.ph/message/20100326.142523.e959e38d.en.html, details of the problem: http://www.samba.org/samba/security/CVE-2009-2948.html)
(IMHO the CVE is valid, but only makes sense in a multi-user environment and if you want to store your passwords in some files. Both are false for me.)
However, I need a working system. The other option is waiting until upstream decides what's better for me -- a security problem not touching my Samba usage or no service at all. (Yes, I'm a little upset by this -- hit cold by this "improvement" and finding out that they have indeed chosen a way to "fix" it by disabling the execution at all. When I read the CVE notice from Samba, it could also have been done by disabling the offending "information leaking" command options when run setuid... Well.)
Well *taking deep breath* let's stop ranting:
The quick-and-dirty do-as-before repair is to disable the setuid check.
For this, on Debian, fetch the source with apt-get source cifs-utils (and also the build-dependencies), then edit the mount.cifs.c file at line 88 so it reads:
#define CIFS_DISABLE_SETUID_CHECK 1
Then build the package with:
dpkg-buildpackage -us -uc
and install the generated package, and enjoy your working-again version.
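
A check to run on a host carrying the rebuilt package, as an added example that is not part of the original post: it lists the cifs fstab entries that non-root users may mount and flags credentials files accessible beyond their owner, the multi-user and stored-password conditions named above. The function names and the sample fstab are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original post: audit checks for a host where
# mount.cifs is installed setuid with the setuid check compiled out.

# Succeeds if FILE carries the setuid bit.
has_setuid() { [ -u "$1" ]; }

# Print mount points of cifs entries in an fstab-format FILE that carry the
# "user" or "users" option (mountable by non-root users).
cifs_user_mounts() {
    awk '$1 !~ /^#/ && $3 == "cifs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "user" || opt[i] == "users") { print $2; break }
    }' "$1"
}

# Print "path mode" for every credentials= file named by a cifs entry whose
# permission bits grant anything to group or others.
cifs_loose_credentials() {
    awk '$1 !~ /^#/ && $3 == "cifs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^credentials=/) print substr(opt[i], 13)
    }' "$1" | while IFS= read -r f; do
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")          # GNU stat, e.g. 600 or 644
        case "$mode" in
            *00|0) ;;                    # owner-only access: fine
            *) printf '%s %s\n' "$f" "$mode" ;;
        esac
    done
}

# Write a constructed sample fstab plus two credentials files under DIR.
make_sample() {
    printf 'username=alice\npassword=constructed\n' > "$1/cred.ok"
    printf 'username=bob\npassword=constructed\n'   > "$1/cred.loose"
    chmod 600 "$1/cred.ok"; chmod 644 "$1/cred.loose"
    cat > "$1/fstab" <<EOF
# constructed sample, not a real configuration
//nas/media  /mnt/media  cifs  user,noauto,credentials=$1/cred.ok  0 0
//nas/docs   /mnt/docs   cifs  users,credentials=$1/cred.loose     0 0
//nas/backup /mnt/backup cifs  noauto,credentials=$1/cred.ok       0 0
/dev/sda1    /           ext4  errors=remount-ro                   0 1
EOF
}
```

On a real system the same functions take /etc/fstab, and has_setuid takes the path of the installed mount.cifs binary.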