https://bugzilla.samba.org/show_bug.cgi?id=14442 --- Comment #4 from Aurélien Aptel <aaptel@xxxxxxxxx> --- I think Paulo's patch idea is good, it fixes the shell injection issue. Some little changes are needed: - close(fd[0]) after read() - check return code of wait() and execlp() - exit(1) after execlp() regarding Vadim last comment: If you can change systemd-ask-password (it doesn't matter if its a shell script or not) or edit PATH to make it point to something else, no privilege escalation happens as mount.cifs drops setuid privileges in assemble_mountinfo(). You will have the same rights as you had before. But maybe I'm overlooking something, can you show an example scenario? -- You are receiving this mail because: You are the QA Contact for the bug.
