Project

General

Profile

Actions

Bug #3305

closed

smbfs mount shows password

Added by Udo Grabowski almost 11 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
-
Start date:
2012-10-25
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
External Bug:

Description

OI151a7:
Using 'mount' to show mounted filesets (even as a normal user) shows
the password used for mounting (here in case of samba), whereas
OSol 2009.06 U7 (support line version) just shows ** in place of
the password. This is a security problem and should be fixed quickly.


Files

il-3305.patch (1.18 KB) il-3305.patch Gordon Ross, 2012-10-31 04:16 AM
Actions #1

Updated by Gordon Ross almost 11 years ago

Do you have any information on which release or build first exhibits this problem?

Actions #2

Updated by Udo Grabowski almost 11 years ago

No, I suspect that this was only fixed on the support line of Osol, we just recently saw this when
converting one specific machine to OI-151a7 which had this password-secured smbfs mount.

Actions #3

Updated by Gordon Ross almost 11 years ago

  • Status changed from New to In Progress

Here's a simple fix: (see attached)

Actions #4

Updated by Rich Lowe almost 11 years ago

  • Project changed from OpenIndiana Distribution to illumos gate
Actions #5

Updated by Gordon Ross almost 11 years ago

  • Subject changed from mount shows password to smbfs mount shows password
  • Assignee set to Gordon Ross
Actions #6

Updated by Gordon Ross almost 11 years ago

Better fix attached. (one that works:)

Only show the server name and share name in the mounted resource.
That's sufficient, and makes this a normal "UNC" path.
(the name;password stuff was non-standard anyway.)

Actions #7

Updated by Udo Grabowski almost 11 years ago

A quick workaround until this reaches the distributions is to specify the
user/password information persistently with 'smbutil login user@server' .

Actions #8

Updated by Gordon Ross almost 11 years ago

Right. Another work-around is to put the password in $HOME/.nsmbrc

Actions #9

Updated by Gordon Ross over 10 years ago

  • Status changed from In Progress to Resolved
commit 15c4b7fc60958757a4ae2244a3910f06c3308202
Author: Gordon Ross <gwr@nexenta.com>
Date:   Tue Oct 30 23:03:27 2012 -0400

    3305 smbfs mount shows password
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Reviewed by: Marcel Telka <marcel@telka.sk>
    Approved by: Richard Lowe <richlowe@richlowe.net>

:100644 100644 afc4b3c... d8a5a98... M    usr/src/cmd/fs.d/smbclnt/mount/mount.c
Actions

Also available in: Atom PDF