On Thu, Apr 8, 2010 at 12:45 AM, Chris Smith <smb...@chrissmith.org> wrote: > On Wed, Apr 7, 2010 at 9:39 PM, Jeff Layton <jlay...@samba.org> wrote: >> Yes, we added a patch a while back to make it such that mount.cifs >> would not allow itself to run as a setuid root program unless it that >> check was compiled out. >> >> This was done due to a rather constant stream of "security issues" that >> were brought about when people installed mount.cifs setuid root. Since >> it had never been vetted for security, we really had no other choice to >> communicate that installing it setuid root was unsafe. > > Not the place for it so the inquiry is only rhetorical. > How can you equate adding a patch preventing a sysadmin from using an > app as designed to communicating? Communication is one thing, > handcuffs are another.
It doesn't stop a sysadmin. Sysadmins have root privileges and do not need setuid for this. Sysadmins can also manipulate automount or /etc/fstab to allow far more controlled mounting. This isn't "handcuffs". It's a seatbelt. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba