From e4bd1535a1ccf085ccc8f03c2bac307c34f0fd37 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 25 Sep 2009 07:03:44 -0400 Subject: [PATCH] mount.cifs: check access of credential files before opening It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers Signed-off-by: Jeff Layton Acked-by: Steve French --- source/client/mount.cifs.c | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c index d05115b..cee9188 100644 --- a/source/client/mount.cifs.c +++ b/source/client/mount.cifs.c @@ -199,6 +199,11 @@ static int open_cred_file(char * file_name) char * temp_val; FILE * fs; int i, length; + + i = access(file_name, R_OK); + if (i) + return i; + fs = fopen(file_name,"r"); if(fs == NULL) return errno; @@ -321,6 +326,12 @@ static int get_password_from_file(int file_descript, char * filename) } if(filename != NULL) { + rc = access(filename, R_OK); + if (rc) { + fprintf(stderr, "mount.cifs failed: access check of %s failed: %s\n", + filename, strerror(errno)); + exit(EX_SYSERR); + } file_descript = open(filename, O_RDONLY); if(file_descript < 0) { printf("mount.cifs failed. %s attempting to open password file %s\n", -- 1.6.0.6