Bug 1069066 (CVE-2014-2079) - CVE-2014-2079 xfe: directory masks ignored when creating new files on Samba and NFS
Status: NEW
Alias: CVE-2014-2079
Product: Security Response
Classification: Other
Component: vulnerability   
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20140219,repor...
Keywords: Security
Depends On: 1069067
Blocks:
Reported: 2014-02-24 05:32 UTC by Murray McAllister
Modified: 2015-01-05 16:58 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---



Description Murray McAllister 2014-02-24 05:32:24 UTC
Robert Rottscholl reported that when creating a new file via X File Explorer (xfe) on a Samba or NFS share, the user's mask was used for the permissions instead of that specified by the Samba or NFS configuration (such as Samba's "create mask" configuration option). This could give users access to files they would otherwise be unable to access.

Patches are available from the original report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536

From brief testing on Fedora with Samba and the "create mask" option, this only presented when running xfe as the root user. The intended mask was used when running xfe as an unprivileged user.
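The report turns on how a new file's permission bits are derived: the client process's umask is applied at creation, and a server-side "create mask" (Samba) can only clear further bits. The following Python is an added example, not code from the report, from xfe or from Samba. It models that derivation, shows on a local scratch directory what a process that resets its umask to 0 gets back versus one running with the conventional 022, and then walks the directory the way a defender would audit the server's own view of an exported share, flagging files whose mode bits exceed the share's intended create mask. The mask value and the file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Constructed example of a Samba-style "create mask", expressed as the octal
# permission bits the share is meant to allow. Assumption for this demo only,
# not a value taken from the report.
EXAMPLE_CREATE_MASK = 0o644


def effective_mode(requested_mode, process_umask, create_mask):
    """Model how a new file's permission bits are derived.

    The kernel clears the bits set in the process umask; a server-side
    create mask can only clear further bits, never add any back.
    """
    return requested_mode & ~process_umask & create_mask


def create_file_with_umask(path, requested_mode, process_umask):
    """Create a file under a specific umask and return its resulting mode bits.

    umask is process-wide, so the previous value is restored afterwards.
    """
    old = os.umask(process_umask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested_mode)
        os.close(fd)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def files_exceeding_mask(root, create_mask):
    """Walk a tree and report regular files whose permission bits include
    anything the create mask should have cleared.

    Run on the server's view of an exported directory, a hit means some
    client created the file with a mode the share policy did not intend.
    Returns a list of (path, mode, excess_bits).
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            excess = mode & ~create_mask
            if excess:
                hits.append((path, mode, excess))
    return hits


def demo():
    """Create two files in a scratch directory (constructed input) and audit
    them against EXAMPLE_CREATE_MASK.

    Returns (mode_under_umask_000, mode_under_umask_022, hits), where hits
    carries only the file's base name so the result is independent of the
    scratch path.
    """
    with tempfile.TemporaryDirectory() as scratch:
        loose = os.path.join(scratch, "created_with_umask_0")
        strict = os.path.join(scratch, "created_with_umask_022")
        # A process that has reset its umask to 0 gets the full 0666 back.
        m0 = create_file_with_umask(loose, 0o666, 0o000)
        # The same request under a conventional 022 umask yields 0644.
        m22 = create_file_with_umask(strict, 0o666, 0o022)
        hits = files_exceeding_mask(scratch, EXAMPLE_CREATE_MASK)
        return m0, m22, [(os.path.basename(p), m, x) for p, m, x in hits]


if __name__ == "__main__":
    mode0, mode22, flagged = demo()
    print(f"umask 000 -> {mode0:04o}, umask 022 -> {mode22:04o}")
    for name, mode, excess in flagged:
        print(f"{name}: mode {mode:04o} exceeds the create mask by {excess:04o}")
```

On a local filesystem the umask is the only control, which is why the umask-0 file comes back 0666 and is the one the audit flags; on a Samba share configured with "create mask", the server should have cleared those bits regardless of what the client asked for, so the same audit run on the server side is a quick way to confirm the share is enforcing its policy.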

Comment 1 Murray McAllister 2014-02-24 05:33:32 UTC
Created xfe tracking bugs for this issue:

Affects: fedora-all [bug 1069067]

Comment 2 Murray McAllister 2014-02-24 05:42:10 UTC
CVE request: http://www.openwall.com/lists/oss-security/2014/02/24/2

Comment 3 Mamoru TASAKA 2014-02-24 12:28:15 UTC
??? 
So this just means that root can freely change umask and create files with such umask on samba?

Comment 4 Mamoru TASAKA 2014-02-24 13:31:13 UTC
So this seems to be just saying:

* Program A explicitly tries to set the umask the user requested for file
  manipulation. The filesystem may partially reject it and set a more
  restricted umask, but that is just what such a filesystem does, and Program A
  simply accepts it. Program A then just continues with the following file
  manipulation.

In my opinion this is valid behavior for Program A. The issue described in
this bug is just your "opinion" or "policy" and something other than a
"security issue" IMO.

Comment 5 Mamoru TASAKA 2014-02-24 14:25:25 UTC
Perhaps I won't change this unless upstream changes, even if a CVE is assigned.

Comment 6 Murray McAllister 2014-02-26 03:10:31 UTC
(In reply to Mamoru TASAKA from comment #5)
> Perhaps I won't change this unless upstream changes, even if a CVE is
> assigned.

Thanks for looking at this. I trust your opinion and analysis so I do not mind if you do not fix the bug.
