]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 35bb734)
s3: smbd: SMB1 UNIX extensions - Ensure POSIX mknod is root-only.
authorJeremy Allison <jra@samba.org>
Tue, 15 Oct 2019 20:25:14 +0000 (13:25 -0700)
committerJeremy Allison <jra@samba.org>
Wed, 6 Nov 2019 18:08:40 +0000 (18:08 +0000)
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
source3/smbd/trans2.c patch | blob | blame | history

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bc4b3934c83d242d6924ba13d735e96e34c941e6..767253d283b3e12819ed80ab4f3ce5749415b045 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -8028,11 +8028,18 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn,
 #endif
 #if defined(S_IFCHR)
                case UNIX_TYPE_CHARDEV:
+                       /* This is only allowed for root. */
+                       if (get_current_uid(conn) != sec_initial_uid()) {
+                               return NT_STATUS_ACCESS_DENIED;
+                       }
                        unixmode |= S_IFCHR;
                        break;
 #endif
 #if defined(S_IFBLK)
                case UNIX_TYPE_BLKDEV:
+                       if (get_current_uid(conn) != sec_initial_uid()) {
+                               return NT_STATUS_ACCESS_DENIED;
+                       }
                        unixmode |= S_IFBLK;
                        break;
 #endif
Mirror of https://github.com/samba-team/samba.git