From nobody@FreeBSD.org  Mon Jun  4 17:39:33 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 424C137B403
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Jun 2001 17:39:33 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.3/8.11.3) id f550dXY38796;
	Mon, 4 Jun 2001 17:39:33 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200106050039.f550dXY38796@freefall.freebsd.org>
Date: Mon, 4 Jun 2001 17:39:33 -0700 (PDT)
From: clary@csee.uq.edu.au
To: freebsd-gnats-submit@FreeBSD.org
Subject: shares mounted by the smbfs-1.4.1 port are writeable by all users
X-Send-Pr-Version: www-1.0

>Number:         27883
>Category:       ports
>Synopsis:       shares mounted by the smbfs-1.4.1 port are writeable by all users
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bp
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 04 17:40:01 PDT 2001
>Closed-Date:    Tue Apr 23 06:59:00 PDT 2002
>Last-Modified:  Tue Apr 23 06:59:00 PDT 2002
>Originator:     Clary Harridge
>Release:        FreeBSD 4.3-STABLE
>Organization:
University of Queensland
>Environment:
FreeBSD c1.csee.uq.edu.au 4.3-STABLE FreeBSD 4.3-STABLE #2: Thu May 17 09:27:27 EST 2001     root@c1.csee.uq.edu.au:/usr/src/sys/compile/C1  i386
>Description:
With smbfs-1.4.1 installed on a FreeBSD 4.3-STABLE client,
when a Samba share is mounted on the client, any user logged into
the client can write to the share mounted by mount_smbfs.


>How-To-Repeat:
/etc/fstab contains:
  //clary@raid/homes      /mnt/clary      smbfs   rw,noauto,nosuid        0      0
As another user:
  cd /mnt/clary
c1:/mnt/clary <tcsh> whoami
clary2
c1:/mnt/clary <tcsh> mkdir test
c1:/mnt/clary <tcsh> cp /etc/motd test
c1:/mnt/clary <tcsh> cat /etc/motd >> test/motd
test/motd: Permission denied.
c1:/mnt/clary <tcsh> rm test/motd
override rwxr-xr-x  clary/users for test/motd? y
rm: test/motd: Permission denied
c1:/mnt/clary <tcsh> ls -gl test/motd
-rwxr-xr-x  1 clary  users  1111 Jun  5 10:28 test/motd

So another user can make directories and new files 
but cannot remove or modify existing files.

It seems that the correct creation privilege is not being checked
prior to doing the create.
>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->bp@freebsd.org 
Responsible-Changed-By: bp 
Responsible-Changed-When: Mon Jun 4 21:43:16 PDT 2001 
Responsible-Changed-Why:  
Will take a look at it. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27883 
Responsible-Changed-From-To: bp@freebsd.org->bp 
Responsible-Changed-By: ru 
Responsible-Changed-When: Tue Jul 3 07:06:35 PDT 2001 
Responsible-Changed-Why:  
Removed @freebsd.org so that peter's notification script handles this. 

State-Changed-From-To: open->closed 
State-Changed-By: bp 
State-Changed-When: Tue Apr 23 06:57:23 PDT 2002 
State-Changed-Why:  
Fixed in -current and -stable. Thanks for reporting! 

>Unformatted:
