Bug 218592 - CVE-2006-5871 smbfs uid/gid/mode mount opts ignored
Summary: CVE-2006-5871 smbfs uid/gid/mode mount opts ignored
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Steve Dickson
QA Contact: Brian Brock
URL:
Whiteboard: impact=low,source=vendorsec,reported=...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-12-06 10:36 UTC by Marcel Holtmann
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Fixed In Version: U8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-20 19:43:21 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Marcel Holtmann 2006-12-06 10:36:35 UTC
The smbfs kernel module do not honor uid, gid, file_mode and dir_mode supplied
by user during mount.

http://linux.bkbits.net:8080/linux-2.6/cset@41752f820crlhkG3FzR1EMmg1OxskA

Comment 4 RHEL Program Management 2007-03-14 22:05:17 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 6 Steve Dickson 2007-03-20 15:22:51 UTC
Taking a closer look it appear RHEL3 does not have 
problem, for a couple of reasons. One, this is a patch
to the UNIX capabilities code and that capability 
does not exist in the RHEL3 version. 

Secondly, it appears the uid, gid and mode are 
(at least initially) *always* set to the uid, gid
and mode that are passed down from the mount. 
So I don't see how they are being ignored.



Comment 8 Ernie Petrides 2007-03-20 19:43:21 UTC
Closing based on last two comments.


Note You need to log in before you can comment on or make changes to this bug.