Re: [PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)

[Sachin Prabhu <sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>]

On Fri, 2016-07-29 at 14:11 +0100, Sachin Prabhu wrote:
> On Fri, 2016-06-10 at 17:16 +0200, Aurélien Aptel wrote:
> > 
> > On Thu, 9 Jun 2016 21:27:34 +0200 Marcus Hoffmann
> > <marcus.hoffmann-j/7cz5qe3tpn68oJJulU0Q@public.gmane.org> wrote:
> > > 
> > > 
> > > Hey Aurélien,
> > > with your script I can reproduce the bug locally now.
> > Good.
> > 
> > > 
> > > 
> > > I can mount the share (which is on a Windows 8.1 vm) with a
> > > Windows
> > > 7
> > > PC with the restricted user account. (Even in hard mode.)
> > > I can mount the share from Linux-cifs using the admin user but
> > > not
> > > the
> > > restricted user.
> > I've moved some things around. All of the prefix path components
> > are
> > now checked for accessibility in cifs_do_mount(). This is more
> > robust and it lets us set the CIFS_MOUNT_USE_PREFIX_PATH flag
> > earlier.
> > 
> > I've updated the cifs_root_iget() to use the prefix path when
> > necessary
> > which should take care of the last case (hard mode).
> > 
> > Please test my latest patch (attached).
> > 
> > > 
> > > 
> > > (I noticed though that no user has access to the file in the
> > > shared
> > > dir. But this doesn't really matter for the test.)
> > Indeed.
> > 
> 
> Hello,
> 
> Sorry for the late reply but this has to be a NACK from me.
> 
> We need to check for CIFS_MOUNT_USE_PREFIX_PATH
> and if set, check cifs_sb->prepath for both old and new
> in cifs_match_super().
> 
> Else we have the following bug:
> 
> Consider 2 different mounts on a server where root access is limited.
> I
> used the reproducer for this case but simply created a separate
> folder
> in the root directory to which the user has access. I then attempt to
> mount the 2 separate folders in 2 different locations.
> 
> # mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-
> 52/test2/sub/dir /mnt
> # mount -t cifs -vvv -o username=wintest1,password=xxx //vm140-
> 52/test2/sub2/ /mnt2
> 
> # grep mnt /proc/mounts
> //vm140-52/test2/sub/dir /mnt cifs
> rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0
> ,n
> oforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mod
> e=
> 0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=
> 60
> ,actimeo=1 0 0
> //vm140-52/test2/sub2/ /mnt2 cifs
> rw,relatime,vers=1.0,cache=strict,username=wintest1,domain=ENG1,uid=0
> ,n
> oforceuid,gid=0,noforcegid,addr=192.168.140.52,file_mode=0755,dir_mod
> e=
> 0755,nounix,serverino,mapposix,rsize=61440,wsize=16580,echo_interval=
> 60
> ,actimeo=1 0 0
> 
> but since we do not compare the prepath, we end up with the same
> share
> mounted at both mount points. This is the share mounted first.
> 
> To confirm.
> 
> # date >/mnt/test
> # cat /mnt/test /mnt2/test
> Fri 29 Jul 14:05:19 BST 2016
> Fri 29 Jul 14:05:19 BST 2016
> 
> Steve, 
> 
> Can you recall the earlier patch or should I write a fix for this?
> 
> Sachin Prabhu

This bug in the patch was masked by another issue which was fixed by
the patch

cifs: unbreak TCP session reuse
by Rabin Vincent which has been posted to go into upstream at the same
time as this patch.

Sachin Prabhu