Bug 1069066 (CVE-2014-2079)

Summary: CVE-2014-2079 xfe: directory masks ignored when creating new files on Samba and NFS
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM
Severity: medium
Priority: medium
Version: unspecified
CC: mtasaka
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2019-06-08 02:31:44 UTC
Bug Depends On: 1069067

Description Murray McAllister 2014-02-24 05:32:24 UTC
Robert Rottscholl reported that when creating a new file via X File Explorer (xfe) on a Samba or NFS share, the user's mask was used for the permissions instead of that specified by the Samba or NFS configuration (such as Samba's "create mask" configuration option). This could give users access to files they would otherwise be unable to access.

Patches are available from the original report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536

From brief testing on Fedora with Samba and the "create mask" option, this only presented when running xfe as the root user. The intended mask was used when running xfe as an unprivileged user.

Comment 1 Murray McAllister 2014-02-24 05:33:32 UTC
Created xfe tracking bugs for this issue:

Affects: fedora-all [bug 1069067]

Comment 2 Murray McAllister 2014-02-24 05:42:10 UTC
CVE request: http://www.openwall.com/lists/oss-security/2014/02/24/2

Comment 3 Mamoru TASAKA 2014-02-24 12:28:15 UTC
??? 
So this just means that root can freely change umask and create files with such umask on samba?

Comment 4 Mamoru TASAKA 2014-02-24 13:31:13 UTC
So this seems to be just saying:

* Program A explicitly tries to set the umask as the user requested for file
  manipulation. The filesystem may partially reject it and may set a more
  restricted umask, but that is just how such a filesystem behaves and Program A
  just accepts that. Program A then just continues with the following file
  manipulation.

In my opinion this is valid behavior for Program A. The issue written in
this bug is just your "opinion" or "policy" and something other
than a "security issue" IMO.
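
As an added illustration of the mechanism discussed in the description and in comment 4 (this is example code written for this page, not code from xfe, the Debian patch or this report), the Python script below shows how a requested creation mode, the process umask and a server-side mask such as Samba's "create mask" combine, and gives an administrator a simple audit: create a probe file in a directory (a mounted share in real use), read back the mode the filesystem actually assigned, and report any permission bits the share policy should have stripped. The function names, the probe file name and the use of a local temporary directory are constructed for the example; on a local filesystem there is no server-side mask, so only the umask limits the result.

```python
import os
import stat
import tempfile
from typing import Optional

# Constructed probe file name; unique per process so concurrent audits don't collide.
PROBE_NAME = "mask-probe-%d" % os.getpid()


def effective_mode(requested: int, umask: int, server_mask: int = 0o777) -> int:
    """Permission bits a new file ends up with when the client asks for
    `requested`, the process umask is `umask`, and the server additionally
    ANDs in `server_mask` (the documented behaviour of Samba's "create mask").
    A server_mask of 0o777 means the server imposes no mask of its own."""
    return requested & ~umask & server_mask & 0o777


def create_probe(directory: str, requested: int = 0o666,
                 umask: Optional[int] = None) -> int:
    """Create a probe file in `directory`, temporarily switching to `umask` if
    one is given, read back the mode the filesystem actually assigned, delete
    the probe and return its permission bits."""
    path = os.path.join(directory, PROBE_NAME)
    old_umask = os.umask(umask) if umask is not None else None
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
    finally:
        if old_umask is not None:
            os.umask(old_umask)  # restore the caller's umask whatever happens
    try:
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)
        os.unlink(path)


def excess_bits(actual: int, allowed_mask: int) -> int:
    """Bits set on the created file that the share policy `allowed_mask` forbids."""
    return actual & ~allowed_mask & 0o777


def audit_directory(directory: str, allowed_mask: int,
                    requested: int = 0o666, umask: int = 0o000) -> dict:
    """Create a probe with a permissive request and a permissive umask, so that
    only a server-side mask can keep bits out, and report what leaked through."""
    actual = create_probe(directory, requested, umask)
    return {"actual": actual,
            "allowed": allowed_mask,
            "excess": excess_bits(actual, allowed_mask)}


def audit_local_tempdir(allowed_mask: int, requested: int = 0o666,
                        umask: int = 0o000) -> dict:
    """Run the audit against a fresh local temporary directory (no server
    mask), which makes the result reproducible for demonstration purposes."""
    directory = tempfile.mkdtemp()
    try:
        return audit_directory(directory, allowed_mask, requested, umask)
    finally:
        os.rmdir(directory)


if __name__ == "__main__":
    # Locally there is no server-side mask, so a 0o644 policy is visibly violated;
    # on a correctly configured share the "excess" value should be 0.
    report = audit_local_tempdir(allowed_mask=0o644)
    print("actual=%04o allowed=%04o excess=%04o"
          % (report["actual"], report["allowed"], report["excess"]))
```

Pointing `audit_directory` at a mounted share with the mask the server is configured to enforce turns this into a quick regression check: a non-zero `excess` means some layer (client application, umask handling, or the server) is letting bits through that policy says should be stripped, which is exactly the symptom reported here.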

Comment 5 Mamoru TASAKA 2014-02-24 14:25:25 UTC
Perhaps I won't change this unless the upstream changes, even if CVE is assigned.

Comment 6 Murray McAllister 2014-02-26 03:10:31 UTC
(In reply to Mamoru TASAKA from comment #5)
> Perhaps I won't change this unless the upstream changes, even if CVE is
> assigned.

Thanks for looking at this. I trust your opinion and analysis so I do not mind if you do not fix the bug.

Comment 8 Product Security DevOps Team 2019-06-08 02:31:44 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.