Security issues has brought the Samba people to disable mount.cifs for non-privileged users even if the setuid bits are set. This patch gives users the option to still do this or use mount.cifs in a different setuid program (as I do). Reproducible: Always Steps to Reproduce: 1. mount.cifs something Actual Results: This mount.cifs program has been built with the ability to run as a setuid root program disabled. mount.cifs has not been well audited for security holes. Therefore the Samba team does not recommend installing it as a setuid root program. Expected Results: mounting of the requested smb share This bug looks a lot like bug 186383.
Created attachment 227893 [details, diff] patch used to change source such that setuid is allowed Used in new ebuild proposed in the next attachment
Created attachment 227895 [details, diff] Patch to change ebuild such that with use flag "setuid" set, the mount.cifs program is allowed to work with setuid This patch changes to ebuild 3.5.2 and adds an use flag "setuid" which used to apply attachment 227893 [details, diff] such that wanted feature is obtained. However, is does NOT actualy set the set-user-ID bit at mount.cifs and umount.cifs, but instead print a warning telling people that it should be done manually and refer to the security implications.
> > This bug looks a lot like bug 186383. > I ment bug 232608
thanks for that patch. personally i think it should automatically set suid on mount.cifs, becouse this is what user want by turning this flag on. it could of course print the security warning in addition
BTW: this flag should be named 'suid' not 'setuid'. we already have such flag in portage
You could change the patch, there's a line commented out that setuid the mount.cifs and umount.cifs executables and change the warning. I don't have to make a new patch, do I?
of course not. i'm just adding my suggestions in case this patch would be added to official tree soon
*** Bug 290383 has been marked as a duplicate of this bug. ***
any chances to see that patch in official tree?
Created attachment 258444 [details, diff] Patch for 3.5.6 to enable suid flag
I added a patch for the latest samba to make suid work again. It also enables any mounts user wishes to have instead of just listed in /etc/fstab. Please review and apply.
*** Bug 283615 has been marked as a duplicate of this bug. ***
This have been fixed in samba-3.6.0