Re: smbmount and Linux autofs...

Michael H. Warfield (mhw@wittsend.com)
Wed, 10 Jun 1998 09:48:17 -0400 (EDT)


Everybody...

After posting the smbmount.sh script last night, I realized that
there were some serious security ramifications in some command redirects
on systems with users who like to play silly buggers with symlinks in /tmp.
I don't have any such users on my system so I'll use that as my excuse
for making such an incredibly stupid mistake. Since the script ends up
running as root, the possibility for mayhem is rife and I should be
more careful.

Anyone interested in using the smbmount.sh script, please apply the
attached patch or download the new version from my website.

You can get the script at http://www.wittsend.com/mhw/smbmount.html

Sorry for the mistake. Since I work in security, I really REALLY
should have known better. Mea Culpa!

P.S. This fix gave me a clue to the strange failure messages I
was seeing when the command seems to have succeeded anyways. Seems like
autofs is attempting to mount the smbfs mount point several times. The
first time succeeds and the subsequent attempts fail with a mount point
or resource busy. Very strange. Does no harm but is as ugly as all get
out. Anyone familiar with the autofs internals like to take a look at why
that's happening???

To the Samba team... This multiple mount error would seem like
some sort of timing error and may be from the samba smbmount program going
"daemon". It calls daemonize to fork itself into the background - do we
REALLY want to do that? It would seem like the smbmount program would then
return before the mount was really ready and autofs would then try again,
and again, till it was mounted and ready... Just a thought. Still
investigating.

Regards,
Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

============================================================================ --- smbmount.sh.old Wed Jun 10 09:22:23 1998 +++ smbmount.sh Wed Jun 10 09:45:50 1998 @@ -11,6 +11,8 @@ # I needed something like this because I have systems which use # autofs and which can switch between 2.0 kernels and 2.1 kernels. +# Refer: http://www.wittsend.com/smbmount.html + # Michael H. Warfield, mhw@wittsend.com 6/9/1998 # Free to use - enjoy - just don't blame me... :-) @@ -24,6 +26,13 @@ # # Make sure you delete any copies of smbmount from /usr/bin ! +# Version History +# Version 0.2 06/10/1998 -mhw- +# Fixed stupid mistake in redirects that can cause +# symlink security mayhem +# Version 0.1 06/09/1998 -mhw- +# First cut and posting + # Which version case `uname -r` in 1.*) @@ -117,5 +126,20 @@ # program wanting stderr for something and it not being there when # forked from autofs... Still poking at that one... -exec /usr/sbin/smbmount.samba $SERVICE "$PASSWORD" $NOPASS $OPTIONS -c "mount $MOUNTPOINT $SMBUID $SMBGID" < /dev/null > /tmp/smbmount.out 2> /tmp/smbmount.err +# Next five lines are for silly buggers who love to play with /tmp symlinks +set noclobber +rm -rf /tmp/smbmount.$$ +mkdir /tmp/smbmount.$$ || exit 255 +chmod 0 /tmp/smbmount.$$ || exit 255 +rm -f /tmp/smbmount.$$/* + +/usr/sbin/smbmount.samba $SERVICE "$PASSWORD" $NOPASS $OPTIONS -c "mount $MOUNTPOINT $SMBUID $SMBGID" < /dev/null > /tmp/smbmount.$$/smbmount.out 2>&1 +EXITCODE=$? + +# This will get the smbmount output to syslog as autofs intended... +cat /tmp/smbmount.$$/smbmount.out +# Clean up strays after us (comment this out if you want to leave the logs) +rm -rf /tmp/smbmount.$$ + +exit $EXITCODE
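
Review bot: the URL in the `# Refer:` comment added by the first hunk (http://www.wittsend.com/smbmount.html) does not match the download location given in the message body (http://www.wittsend.com/mhw/smbmount.html). If the /mhw/ path is the live one, the comment should carry it so that a copy of the script found later still points at the current version.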
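
Review bot: `set noclobber` in the last hunk does not enable the option in a Bourne-style shell. It is the csh spelling; in sh it replaces the positional parameters with the single word noclobber, so anything after it that still reads $1 will see that word. Use `set -C` (or `set -o noclobber`). The actual protection in this hunk comes from `mkdir /tmp/smbmount.$$ || exit 255`, which fails if the name already exists, but the PID-based name is predictable, so the mount can be made to fail by re-creating the name between the `rm -rf` and the `mkdir`; `mktemp -d`, where available, avoids that. `chmod 0` does not restrict root and leaves the directory at its umask-derived mode until it runs, so set `umask 077` before the `mkdir` instead. `rm -f /tmp/smbmount.$$/*` is redundant on a directory that was just created. Nothing removes the directory if the script is killed before the final `rm -rf`; a `trap` would cover that.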

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu
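
An added example, not part of the original post or of smbmount.sh: a shell sketch of the redirect problem the message describes and of a private output directory for a root-run helper. The function names are hypothetical, and `mktemp -d` is assumed to be available.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; any paths used with them
# should be constructed test paths, not the real smbmount.sh log names.

# Old behaviour: a plain redirect to a fixed name follows a symlink that
# another user has planted at that name.
write_plain() {
    echo "$2" > "$1"
}

# With noclobber (set -C) the shell refuses to open a name that already
# exists as a regular file, including through a symlink.
# The subshell keeps the option local to this one write.
write_noclobber() {
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Run a command with stdout and stderr captured inside a private directory,
# replay the output, clean up, and return the command's exit status.
# mktemp -d creates a mode-0700 directory with an unpredictable name, so no
# other user can pre-create it or place links inside it.
run_logged() {
    _dir=$(mktemp -d "${TMPDIR:-/tmp}/smbmount.XXXXXX") || return 255
    _rc=0
    "$@" < /dev/null > "$_dir/out" 2>&1 || _rc=$?
    cat "$_dir/out"
    rm -rf "$_dir"
    return "$_rc"
}

# Usage: any command can stand in for the real mount helper.
run_logged uname -r
```

Noclobber only guards the shell's own redirections; a program that opens a fixed /tmp name itself still needs the private directory.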