Gentoo Forums
Default smb.conf will give user root access (User Error)
nylonzippytie
n00b


Joined: 10 Oct 2013
Posts: 3
Location: Australia

Posted: Thu Oct 10, 2013 1:50 am    Post subject: Default smb.conf will give user root access (User Error)

EDIT: I had incorrect folder permissions set and was confused by the Samba client showing everything as belonging to the logged in user with smbd running as root under idle conditions.


Hi All,

I have a Gentoo (hardened, but grsecurity is not enabled) server running with Samba and NFS.

I'm migrating my NFS shares across to Samba but have stumbled upon some default behaviour which I think is a serious security issue:

  • When using mount.cifs from my Ubuntu computer (client) I was noticing that when the mount is first made, smbd forks off a new process as the session user

  • When I start browsing the mount from the terminal, that process is suddenly elevated to root

  • I can happily and easily modify, edit and delete files that the session user does not have access to on the host. In other words, if I set files on the host as root:root with 600, the logged in user can delete, modify and read these files.


I understand that Samba can override filesystem permissions in order to operate friendly with Windows. I didn't realise this is a default behaviour which worries me because I was previously relying on my filesystem permissions as the last line of defence.

It was hard to find anyone else complaining about this (perhaps others aren't as security conscious?), but I did find the following:

http://ubuntuforums.org/showthread.php?t=1034103

Basically, I need to disable lanman authorization and now everything works as I would expect (user is no longer given root access to filesystem). This doesn't bother me because all my clients are up to date GNU/Linux systems and Windows 7 / 8.

In case the above link doesn't work, what is missing from smb.conf is the following:
Code:
lanman auth = no
lm announce = no
min protocol = NT1


I don't know if others would consider this an issue or if I should consider posting a bug to the Gentoo Samba maintainer, as I believe these should be default options.


Last edited by nylonzippytie on Thu Oct 10, 2013 3:04 am; edited 2 times in total
nylonzippytie
n00b


Joined: 10 Oct 2013
Posts: 3
Location: Australia

Posted: Thu Oct 10, 2013 1:53 am

I've just noticed that when the Samba session is idle, the smbd process returns to root until a command is performed, where it is set as the session user.

I'm still not confident with this; I thought a good security model was to have everyone possible running as an unprivileged user, only to gain privileges by exception.
666threesixes666
Veteran


Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Thu Oct 10, 2013 2:29 am

only security breach i see going on in the config is going on with printers.... everything else is commented, and i'm pretty sure the default config is not where the running config is located.

http://pastebin.com/B4EEA6P7

i turn my samba on and off by hand, and do not let its traffic leak past the router/firewall.
nylonzippytie
n00b


Joined: 10 Oct 2013
Posts: 3
Location: Australia

Posted: Thu Oct 10, 2013 3:01 am

Well, no wonder I couldn't find many complaints about this. The underlying issue was that the user I was logged in on had w permissions on the directory, so even files owned by root could be deleted (just not read or modified). In my testing, I was creating files with root and deleting via Samba user, forgetting about the 'w' permission.

I was wrong, although I find it interesting that the smbd forked process runs as root until the user does something, where it is changed to the user and then resets back to root under idle conditions.
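Added example, not part of the thread or of Samba: the post above traces the deletions to write permission on the parent directory, and this Python audit lists files that a given uid can unlink even though it cannot read them. The function names, the hypothetical uid and the temporary "share" are constructed for illustration; only classic mode bits and the sticky bit are evaluated.

```python
import os
import stat
import tempfile


def class_bits(st, uid, gids):
    """rwx bits (0-7) that the classic owner/group/other check gives uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def deletable_but_unreadable(root, uid, gids):
    """Files under root that uid may unlink although it cannot read them.

    Unlinking needs w+x on the parent directory; a sticky directory limits it
    to the owner of the file or directory. ACLs, capabilities, uid 0: not modelled.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        dst = os.lstat(dirpath)
        if (class_bits(dst, uid, gids) & 3) != 3:  # needs write (2) + search (1)
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            if dst.st_mode & stat.S_ISVTX and uid not in (fst.st_uid, dst.st_uid):
                continue  # sticky bit protects files owned by someone else
            if not (class_bits(fst, uid, gids) & 4):  # no read bit for this uid
                findings.append(path)
    return sorted(findings)


def demo():
    """Constructed share: our mode-600 file, audited for a hypothetical other uid."""
    other_uid = os.geteuid() + 1  # hypothetical account that owns nothing here
    results = {}
    with tempfile.TemporaryDirectory() as share:
        secret = os.path.join(share, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(secret, 0o600)
        for label, mode in (("0777", 0o777), ("1777", 0o1777), ("0755", 0o755)):
            os.chmod(share, mode)
            hits = deletable_but_unreadable(share, other_uid, set())
            results[label] = [os.path.basename(p) for p in hits]
    return results
```

`demo()` returns the findings per directory mode: the mode-600 file is reported only when the directory is 0777, and not when it is sticky (1777) or not writable by the other account (0755).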
666threesixes666
Veteran


Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Thu Oct 10, 2013 3:21 am

my advice, build a generic virtual machine with a backup so you can go back to default install state to test issues before reporting. qcow you can copy paste the virtual machine as a file. i suggest VirtualBox as it has more networking features than kvm/qemu. (bridging)