From: Jeremy Allison <jra@samba.org>
Date: Tue, 15 Oct 2019 20:25:14 +0000 (-0700)
Subject: s3: smbd: SMB1 UNIX extensions - Ensure POSIX mknod is root-only.
X-Git-Tag: talloc-2.3.1~133
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ca0fcb2d4eec29fc75a285947a77974a0555bea;p=thirdparty%2Fsamba.git

s3: smbd: SMB1 UNIX extensions - Ensure POSIX mknod is root-only.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bc4b3934c83..767253d283b 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -8028,11 +8028,18 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn,
 #endif
 #if defined(S_IFCHR)
 		case UNIX_TYPE_CHARDEV:
+			/* This is only allowed for root. */
+			if (get_current_uid(conn) != sec_initial_uid()) {
+				return NT_STATUS_ACCESS_DENIED;
+			}
 			unixmode |= S_IFCHR;
 			break;
 #endif
 #if defined(S_IFBLK)
 		case UNIX_TYPE_BLKDEV:
+			if (get_current_uid(conn) != sec_initial_uid()) {
+				return NT_STATUS_ACCESS_DENIED;
+			}
 			unixmode |= S_IFBLK;
 			break;
 #endif