On Fri, 11 Mar 2011 12:29:17 +0300
Pavel Shilovsky <piastryyy@xxxxxxxxx> wrote:

> Hi to all!
>
> I faced such a problem:
> 1) user1 mounts a remote share with user=guest,pass=231
> 2) user2 mounts the same share with user=guest,pass=222 (wrong
> password) and succeeds (!).
>
> The problem is that user2 doesn't know the true password of the share
> but can mount it if user1 successfully mounted it with the true
> password.
>
> Looking through the code I noticed that we don't have any checks in
> find_smb_session for passwords - only username check. I think it's a
> big security issue.
>

I think you must be looking at an old tree. See commit
4ff67b720c02c36e54d55b88c2931879b7db1cd2.

--
Jeff Layton <jlayton@xxxxxxxxxx>
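
The session-reuse problem described in the report, as a simplified user-space model added here; it is not code from the kernel, from the cited commit, or from either poster. The struct, the table and all function names are hypothetical, and the credentials are the ones from the report.

```c
#include <stdio.h>
#include <string.h>
#define CRED_MAX 64
#define NSESS 4

/* Hypothetical model of a session cache; not the kernel's cifs structures. */
struct session { int in_use; char user[CRED_MAX]; char pass[CRED_MAX]; };
static struct session table[NSESS];

/* Copy into a fixed, zero-padded buffer so comparisons stay in bounds. */
static void pad(char dst[CRED_MAX], const char *src) {
    strncpy(dst, src, CRED_MAX - 1);
    dst[CRED_MAX - 1] = '\0';
}

/* Compare two padded buffers without an early exit on mismatch. */
static int same(const char *a, const char *b) {
    unsigned char diff = 0;
    for (int i = 0; i < CRED_MAX; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Record a session once the server has accepted user/pass. */
struct session *add_session(const char *user, const char *pass) {
    for (int i = 0; i < NSESS; i++) {
        if (table[i].in_use) continue;
        table[i].in_use = 1;
        pad(table[i].user, user);
        pad(table[i].pass, pass);
        return &table[i];
    }
    return NULL;
}

/* check_pass == 0: username is the only key (the behaviour reported).
 * check_pass != 0: the supplied password must match the stored one too. */
struct session *find_session(const char *user, const char *pass, int check_pass) {
    char u[CRED_MAX], p[CRED_MAX];
    pad(u, user);
    pad(p, pass);
    for (int i = 0; i < NSESS; i++)
        if (table[i].in_use && same(table[i].user, u) &&
            (!check_pass || same(table[i].pass, p)))
            return &table[i];
    return NULL;
}

int main(void) {
    add_session("guest", "231");   /* user1 mounts with the valid password */
    printf("user-only: %s\n", find_session("guest", "222", 0) ? "reused" : "rejected");
    printf("checked:   %s\n", find_session("guest", "222", 1) ? "reused" : "rejected");
    return 0;
}
```

With the username-only lookup, the second mount is handed the first user's authenticated session; with the password check, the lookup misses and the caller has to authenticate against the server.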