[FreeNX-kNX] windows/osx shares fail to mount
chris at ccburton.com
chris at ccburton.com
Wed Jul 28 11:03:21 UTC 2010
chris at ccburton.com wrote on 28/07/2010 09:22:21:
[SNIP]
> and mount over something unfortunate.
>
> A better bodge would be a version of mount.cifs just for NX which
> doesn't prompt for password and so is safer for suid.
>
> This would reduce the time window for interupting it to milliseconds.
>
> Still not good, but it would defeat the script kiddies.
>
OK I had a try . . . "c" if it helps anyone . . .
samba-3.4.2-1.1.3.1
--- mount.cifs.c 2010-07-28 10:58:55.000000000 +0100
+++ mount.cifs-one-shot.c 2010-07-28 10:58:38.000000000 +0100
@@ -1342,6 +1342,7 @@
}
if(got_password == 0) {
+ exit(EX_USAGE);
char *tmp_pass = getpass("Password: "); /* BB obsolete sys
call but
no good
replacement yet. */
mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1);
The above bodge stops mount.cifs from halting to ask for a password,
whilst the bad guys change the mount point.
Compiled ok
so I created /usr/sbin/nx-mounts/ and copied new binary into it.
(plus also original umount.cifs)
Set binaries owned by root and suid.
-rwsr-sr-x 1 root root 39857 2010-07-28 11:23
/usr/sbin/nx-mounts/mount.cifs
-rwsr-sr-x 1 root root 14240 2010-07-28 11:23
/usr/sbin/nx-mounts/umount.cifs
Created group nx-mounts, changed directory ownership and set some
tight permissions
d---r-x--- 2 root nx-mounts 4096 2010-07-28 11:23 /usr/sbin/nx-mounts/
Added test user to group
As before, it mounts for an ordinary user if that user has write rights to
the mount point, but won't mount if they don't (just as before of course)
If you supply a full set of parameters, it mounts (in a fraction of a
second)
which will challenge any script-kiddie who has read the exploit and
fancies
setting it off then changing the mount point
If you don't supply a password, it just exits.
'course its not a fix, (and don't tell the samba people), but it is
probably
safer than sudo allowing mounting anywhere.
and
with sudo you have to allow your users to umount anything too.
with suid they can only umount things they own
So use it or ignore it as you please . . .
It will get you off the hook with the boss anyway, if he's heard about
this issue, or if you've just switched off his mapped share . . .
cb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20100728/8d14831d/attachment.html>
More information about the FreeNX-kNX
mailing list