smbmount (and ncpmount?)

David Holland (
Tue, 20 Aug 1996 19:19:58 -0400 (EDT)

smbmount has half a dozen possible buffer overruns. It also execs
modprobe setuid root; I believe this is likely to be a significant
hazard. Patches have been sent to the maintainer.

There's a more serious problem that more or less has to affect
ncpmount and any other similar program: there's a race condition
between when the mount point is checked for permission and when the
mount is performed. Thus anyone can mount shares anywhere by playing
symlink games, and of course become root about ten seconds later.

This problem cannot be fixed without updating the kernel - either the
permission check needs to be moved into the kernel, or the mount point
needs to be passed to the kernel as a fd instead of a pathname.

Myself, I prefer moving the permission check into the kernel; Ultrix
supported user NFS mounts that way long, long ago.

Recommendation: chmod -s smbmount and smbumount, and probably ncpmount

   - David A. Holland          | Number of words in the English language that  | exist because of typos or misreadings: 381