Bug 275881 (CVE-2007-3740)
| Summary: | CVE-2007-3740 CIFS should honor umask | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marcel Holtmann <holtmann> |
| Component: | vulnerability | Assignee: | Jeff Layton <jlayton> |
| Status: | CLOSED ERRATA | QA Contact: | Martin Jenner <mjenner> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | coughlan, kreilly, staubach, steved |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-11-01 13:34:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 246667, 253314, 293121, 293131 | ||
| Bug Blocks: | |||
CIFS apparently does not currently honor the umask for a task. There's an upstream patch to make it do so: commit 3ce53fc4c57603d99c330a6ee2fe96d94f2d350f Author: Steve French <sfrench.com> Date: Fri Jun 8 14:55:14 2007 +0000 [CIFS] CIFS should honour umask This patch makes CIFS honour a process' umask like other filesystems. Of course the server is still free to munge the permissions if it wants to; but the client will send the "right" permissions to begin with. A few caveats: 1) It only applies to filesystems that have CAP_UNIX (aka support unix extensions) 2) It applies the correct mode to the follow up CIFSSMBUnixSetPerms() after remote creation When mode to CIFS/NTFS ACL mapping is complete we can do the same thing for that case for servers which do not support the Unix Extensions. Signed-off-by: Matt Keenen <matt> Signed-off-by: Steve French <sfrench.com>