Re: [PATCH] mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2)

Reviewed-by: Steve French <sfrench@xxxxxxxxxx>

On Tue, Feb 8, 2011 at 2:02 PM, Jeff Layton <jlayton@xxxxxxxxx> wrote:
> It's possible that the user is trying to mount onto a directory to which
> he doesn't have execute perms. If that's the case then the mount will
> currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
> calling mount(2). That will ensure that the kernel's permissions check
> for this is bypassed.
>
> Reported-by: Erik Logtenberg <erik@xxxxxxxxxxxxx>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
> ---
>  mount.cifs.c |   10 ++++++++--
>  1 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/mount.cifs.c b/mount.cifs.c
> index 3a2b539..8e1e32b 100644
> --- a/mount.cifs.c
> +++ b/mount.cifs.c
> @@ -1898,8 +1898,13 @@ mount_retry:
>        else
>                fstype = cifs_fstype;
>
> -       if (!parsed_info->fakemnt
> -           && mount(dev_name, ".", fstype, parsed_info->flags, options)) {
> +       if (!parsed_info->fakemnt) {
> +               toggle_dac_capability(0, 1);
> +               rc = mount(dev_name, ".", fstype, parsed_info->flags, options);
> +               toggle_dac_capability(0, 0);
> +               if (rc == 0)
> +                       goto do_mtab;
> +
>                switch (errno) {
>                case ECONNREFUSED:
>                case EHOSTUNREACH:
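
Review bot: errno can be overwritten between the failing mount() and the `switch (errno)` that follows, because `toggle_dac_capability(0, 0)` runs in between and may itself make calls that set errno. Save it right after the mount call (for example `saved_errno = errno;` on the line after `rc = mount(...)`) and switch on the saved value. Neither toggle_dac_capability() call is checked here either: if the reacquire can fail, the mount attempt goes ahead without the capability, and if the drop can fail, the process keeps CAP_DAC_READ_SEARCH effective through the mtab update, so a failure in either direction should at least be reported.
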
> @@ -1934,6 +1939,7 @@ mount_retry:
>                goto mount_exit;
>        }
>
> +do_mtab:
>        if (!parsed_info->nomtab && !mtab_unusable())
>                rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype);
>
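
Review bot: the new `do_mtab:` label exists only so the success path can jump over the error switch with `goto do_mtab`. Wrapping the switch in `if (rc != 0) { ... }` inside the `if (!parsed_info->fakemnt)` block would give the same control flow without adding a second label next to mount_retry and mount_exit, and would keep the success and failure paths readable in one place.
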
> --
> 1.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



-- 
Thanks,

Steve