diff options
author | Jeremy Allison <jra@samba.org> | 2019-10-15 13:25:14 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-11-06 18:08:40 +0000 |
commit | 4ca0fcb2d4eec29fc75a285947a77974a0555bea (patch) | |
tree | 671f5cc8e1dcb196c7c9935436f57466154e0cf1 | |
parent | 35bb734d638e273f2fd1a19220db5f200d3e7489 (diff) | |
download | samba-4ca0fcb2d4eec29fc75a285947a77974a0555bea.tar.gz |
s3: smbd: SMB1 UNIX extensions - Ensure POSIX mknod is root-only.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
-rw-r--r-- | source3/smbd/trans2.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index bc4b3934c83..767253d283b 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -8028,11 +8028,18 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn, #endif #if defined(S_IFCHR) case UNIX_TYPE_CHARDEV: + /* This is only allowed for root. */ + if (get_current_uid(conn) != sec_initial_uid()) { + return NT_STATUS_ACCESS_DENIED; + } unixmode |= S_IFCHR; break; #endif #if defined(S_IFBLK) case UNIX_TYPE_BLKDEV: + if (get_current_uid(conn) != sec_initial_uid()) { + return NT_STATUS_ACCESS_DENIED; + } unixmode |= S_IFBLK; break; #endif |