Package: davfs2
Version: 0.2.3-2
Severity: grave
Tags: security
Justification: user security hole

It appears that davfs2 does not enforce unix permissions.  I just
mounted a DAV share as root.  When I list permissions in the root of the
mount, I see

    % ls -ld .
    drwxr-xr-x  1 root root 512 2005-05-25 11:43 .
    % ls -l
    total 950
    -rwxr-xr-x  0 root root      6 2005-05-25 11:43 file
    drwxr-xr-x  1 root root    512 2005-05-10 05:18 dir

However, as a regular user, I can create and modify files with no
restrictions.  For example "touch foo" and "echo hello > file" both work
fine.  I also tried mounting with mode=0700, and nothing changed, not
even the permissions displayed.  So it appears that there is no way to
restrict access to the mounted DAV share.

Also, on a possibly related note, I see that if I create a file with
"touch foo", foo has the permissions

    -rw-rw-r--  0 root root      0 2005-05-25 11:48 foo

However, if I unmount and remount, then the permissions revert to

    -rwxr-xr-x  0 root root      0 2005-05-25 11:48 foo

Andrew

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages davfs2 depends on:
ii  libc6                      2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libneon24                  0.24.7.dfsg-2 An HTTP and WebDAV client library
ii  libssl0.9.7                0.9.7g-1      SSL shared libraries
ii  libxml2                    2.6.16-7      GNOME XML library
ii  zlib1g                     1:1.2.2-4     compression library - runtime

-- no debconf information
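An added sanity check, not part of Andrew's report, that an administrator can run against a mount point to confirm it both reports and enforces POSIX mode bits; it applies to any mounted filesystem, not only davfs2. The mount point path and the unprivileged user name are assumptions passed on the command line.

```shell
#!/bin/sh
# Added example (not from the bug report): verify that a mounted share
# honours POSIX mode bits. Arguments: MOUNTPOINT [UNPRIVILEGED_USER].

# Returns 0 if a file created with mode 0600 in $1 is reported back with
# that mode, 1 if the filesystem reports something else (the report above
# shows 0755 coming back after a remount), 2 if the file cannot be created.
check_mode_bits() {
    dir="$1"
    f="$dir/.permcheck.$$"
    (umask 077 && : > "$f") || return 2
    mode=$(stat -c %a "$f")
    rm -f "$f"
    [ "$mode" = "600" ]
}

# Returns 0 if the unprivileged user $2 (default: nobody) is denied read
# access to a root-owned 0600 file in $1, 1 if the user can read it.
# Needs root and su; returns 2 when it cannot run the check.
check_mode_enforced() {
    dir="$1"; user="${2:-nobody}"
    [ "$(id -u)" -eq 0 ] || return 2
    f="$dir/.permcheck.$$"
    (umask 077 && echo secret > "$f") || return 2
    if su -s /bin/sh "$user" -c "cat '$f'" >/dev/null 2>&1; then
        rm -f "$f"; return 1   # readable by another user: not enforced
    fi
    rm -f "$f"; return 0
}

if [ -n "$1" ]; then
    if check_mode_bits "$1"; then
        echo "mode bits reported correctly"
    else
        echo "mode bits NOT honoured"
    fi
    check_mode_enforced "$1" "${2:-nobody}"
    case $? in
        0) echo "access enforced" ;;
        1) echo "access NOT enforced" ;;
        *) echo "enforcement check skipped (needs root and su)" ;;
    esac
fi
```

Run it as root on the davfs2 mount point; on a local ext3 directory both checks pass, which gives a baseline to compare against.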

