Bug 218592 - CVE-2006-5871 smbfs uid/gid/mode mount opts ignored
CVE-2006-5871 smbfs uid/gid/mode mount opts ignored
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
3.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Steve Dickson
Brian Brock
impact=low,source=vendorsec,reported=...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-06 05:36 EST by Marcel Holtmann
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: U8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-20 15:43:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Marcel Holtmann 2006-12-06 05:36:35 EST
The smbfs kernel module do not honor uid, gid, file_mode and dir_mode supplied
by user during mount.

http://linux.bkbits.net:8080/linux-2.6/cset@41752f820crlhkG3FzR1EMmg1OxskA
Comment 4 RHEL Product and Program Management 2007-03-14 18:05:17 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 6 Steve Dickson 2007-03-20 11:22:51 EDT
Taking a closer look it appear RHEL3 does not have 
problem, for a couple of reasons. One, this is a patch
to the UNIX capabilities code and that capability 
does not exist in the RHEL3 version. 

Secondly, it appears the uid, gid and mode are 
(at least initially) *always* set to the uid, gid
and mode that are passed down from the mount. 
So I don't see how they are being ignored.

Comment 8 Ernie Petrides 2007-03-20 15:43:21 EDT
Closing based on last two comments.

Note You need to log in before you can comment on or make changes to this bug.