Bugzilla – Bug 1149164
Recent snapshots seem to have broken user CIFS mounts
Last modified: 2020-09-26 22:14:10 UTC

Coming back from holiday, I upgraded a Tumbleweed system from snapshot 20190724 to 20190829, and that seems to have broken my ability to mount SMB shares as a regular user via the classic "chmod +s /sbin/mount.cifs" trick.

Now, attempting to run "mount /path/to/share" as a regular user after making mount.cifs setuid will lead to a very suspicious-looking crash...

hadrien@linux-2ak3:~> mount /mnt/expsi
free(): double free detected in tcache 2
Child process terminated abnormally.

...whereas mounting as root, on its side, keeps working as intended.

Why, you may ask, do I mount samba shares as a user? The thing is...

- I need the mount to be fully automated, because my backup cronjob uses it.
- I cannot automount the SMB share on startup, because we use password-based authentication here, and as a basic protection against evil maid attacks I put the password on an encrypted partition that is only mounted when I log in.
- The mount.cifs manpage explicitly mentions this possibility in its "NOTES" section. So why not?

The direct cause of this crash may actually not be a mount.cifs update. Given that the program terminates because glibc detects a double free, it may well be that the double free has been there for a while, and is only being detected now because glibc's memory safety error detector got smarter recently.

I actually tried to investigate that double free with the tools I know, but...

- valgrind and setuid programs don't mix well
- GDB and multi-process programs don't mix well

Feel free to suggest any other debugging tool/methodology, or to ask me for any other diagnostic info that's useful to you.

For those facing the same issue, a workaround is to replace the setuid bit with a sudoers rule that allows the desired user(s) to run the desired mount command via sudo without typing the root password.

username ALL= NOPASSWD: /usr/bin/mount /path/to/smb/share

I'm probably going to keep using this one, as it will save me the trouble of re-setting the setuid bit on /sbin/mount.cifs on every Tumbleweed update...

But given that the mount.cifs manual states that setuid mounts should work, and certainly not trigger a double free, this bug should probably be investigated someday.

I can reproduce this. Fix seems relatively simple, Paulo has sent a patch upstream for review.

SUSE-RU-2019:2732-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References:
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): cifs-utils-6.9-3.10.1
SUSE Linux Enterprise Module for Basesystem 15 (src): cifs-utils-6.9-3.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Hadrien, can you confirm you no longer have the problem?

openSUSE-RU-2019:2378-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References:
Sources used:
openSUSE Leap 15.0 (src): cifs-utils-6.9-lp150.2.6.1

(In reply to Aurelien Aptel from comment #5)
> Hadrien, can you confirm you no longer have the problem?

I could check today, and it works for me now. Thanks for the fix!

SUSE-RU-2020:0517-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References:
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): cifs-utils-6.9-5.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): cifs-utils-6.9-5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-RU-2020:0295-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References:
Sources used:
openSUSE Leap 15.1 (src): cifs-utils-6.9-lp151.4.3.1

SUSE-RU-2020:1001-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1149164,1152930
CVE References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Server 12-SP4 (src): cifs-utils-6.9-13.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-RU-2020:1001-1: An update that has three recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1149164,1152930,1164093
CVE References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Server 12-SP5 (src): cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Server 12-SP4 (src): cifs-utils-6.9-13.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-RU-2020:1545-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References:
JIRA References:
Sources used:
openSUSE Leap 15.1 (src): cifs-utils-6.9-lp151.4.6.1