I'm sponsoring the following for fast-track approval.  The need for this 
case came up at rather the last minute, and to maintain planned push 
schedules we need a very short timeout - I'm asking for 14:00 Pacific 
tomorrow, Friday March 13, the end of the business day on the East Coast 
where the engineer is.  Thank you for your indulgence.

1. Technical Description

    More restrictive default permissions on smbfs mounts (CR 6800703)

2. Details
     2.1 Background and motivation

     The Solaris CIFS Client [PSARC 2005/695] provides the ability to
     mount CIFS shares from Windows-compatible servers on Solaris.

     When you mount a remote file system using the CIFS client, you
     supply a username and password.  All access to the remote file
     system is done *as the mount owner*, not as the user making the
     current file system request.  (This is arguably a weakness in the
     design of smbfs, but fixing it is a large project.)  If you don't
     want other people accessing the remote server as you, you have to
     arrange that the permissions on the mount don't allow them to.

     As documented in mount_smbfs(1m), the existing permissions on the
     mount point (which, mind you, must be owned by the user doing the
     mount) are used as the defaults.  This could easily lead to a user
     being surprised that others may access the server as that user.
     This is also arguably not "secure by default".

     We propose to change the default "fileperms" to 0700, per:
     CR 6800703 smbfs default permissions may lead to surprises
     The release binding is: Patch.

3. Interface table
     (no change)

4. Documentation

     The mount_smbfs(1m) man page will be updated by CR (TBD)
     Here is a summary of the nsmbrc(4) changes:

     Current text:

          dirperms=octaltriplet

              Specifies the permissions to be assigned  to  direc-
              tories. The value must be specified as an octal tri-
              plet, such as 755. The default value for the  direc-
              tory mode adds the execute permission.

              Note that these permissions have no relation to  the
              rights granted by the CIFS server.

          fileperms=octaltriplet

              Specifies the permissions to be assigned  to  files.
              The  value  must  be  specified as an octal triplet,
              such as 644. The default value for the file mode  is
              taken from the mount point and adds the read permis-
              sion.

              Note that these permissions have no relation to  the
              rights granted by the CIFS server.

     Proposed text:

          dirperms=octaltriplet

              Specifies the permissions to be assigned  to  direc-
              tories. The value must be specified as an octal tri-
              plet, such as 755. The default value for the  direc-
              tory mode is taken from the fileperms setting, with
              execute permission added where fileperms has read.

              Note that these permissions have no relation to  the
              rights granted by the CIFS server.

          fileperms=octaltriplet

              Specifies the permissions to be assigned  to  files.
              The  value  must  be  specified as an octal triplet,
              such as 644. The default value is 700.

              Note that these permissions have no relation to  the
              rights granted by the CIFS server.
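
The proposed defaults can be worked through in code. The following is an added example, not code from smbfs or from this case: all function names are hypothetical, the strict three-digit parsing is an assumption about what "octal triplet" means, and the dirperms rule is a reading of the proposed text above.

```c
#include <stdio.h>
#include <string.h>

#define DEFAULT_FILEPERMS 0700  /* proposed default from the case text */

/* Parse an "octal triplet" such as "644"; returns -1 if malformed (assumed strict). */
int parse_triplet(const char *s)
{
    int mode = 0;
    if (s == NULL || strlen(s) != 3)
        return -1;
    for (int i = 0; i < 3; i++) {
        if (s[i] < '0' || s[i] > '7')
            return -1;
        mode = (mode << 3) | (s[i] - '0');
    }
    return mode;
}

/* Proposed dirperms default: read bits (0444) shifted onto execute bits (0111). */
int default_dirperms(int fileperms) { return fileperms | ((fileperms & 0444) >> 2); }

/* Resolve effective modes; fopt == NULL means fileperms was not given. */
int resolve_perms(const char *fopt, int *fmode, int *dmode)
{
    int f = fopt ? parse_triplet(fopt) : DEFAULT_FILEPERMS;
    if (f < 0)
        return -1;
    *fmode = f;
    *dmode = default_dirperms(f);
    return 0;
}

/* Nonzero if any group/other bit is set: other local users act as the mount owner. */
int exposes_mount_owner(int fmode, int dmode) { return ((fmode | dmode) & 0077) != 0; }

int main(void)
{
    const char *samples[] = { NULL, "644", "600", "89x" };  /* constructed inputs */
    for (size_t i = 0; i < 4; i++) {
        int f = 0, d = 0;
        int rc = resolve_perms(samples[i], &f, &d);
        printf("fileperms=%s rc=%d files=%04o dirs=%04o exposed=%d\n",
            samples[i] ? samples[i] : "(default)", rc, f, d, exposes_mount_owner(f, d));
    }
    return 0;
}
```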


5. References

    http://sac.sfbay/PSARC/2005/695/
    http://docs.sun.com/app/docs/doc/819-2240/mount-smbfs-1m

6. Resources and Schedule

    n/a
