Bug 1149164 - Recent snapshots seem to have broken user CIFS mounts
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Other
Priority: P5 - None, Severity: Minor
Assigned To: Aurelien Aptel
Reported: 2019-09-03 09:23 UTC by Hadrien Grasland
Modified: 2020-09-26 22:14 UTC (History)

Description Hadrien Grasland 2019-09-03 09:23:19 UTC
Coming back from holiday, I upgraded a Tumbleweed system from snapshot 20190724 to 20190829, and that seems to have broken my ability to mount SMB shares as a regular user via the classic "chmod +s /sbin/mount.cifs" trick.

Now, attempting to run "mount /path/to/share" as a regular user after making mount.cifs setuid will lead to a very suspicious-looking crash...

    hadrien@linux-2ak3:~> mount /mnt/expsi
    free(): double free detected in tcache 2
    Child process terminated abnormally.

...whereas mounting as root, on its side, keeps working as intended.

Why, you may ask, do I mount samba shares as a user? The thing is...

- I need the mount to be fully automated, because my backup cronjob uses it.
- I cannot automount the SMB share on startup, because we use password-based authentication here, and as a basic protection against evil maid attacks I put the password on an encrypted partition that is only mounted when I log in.
- The mount.cifs manpage explicitly mentions this possibility in its "NOTES" section. So why not?

The direct cause of this crash may actually not be a mount.cifs update. Given that the program terminates because glibc detects a double free, it may well be that the double free has been there for a while, and is only being detected now because glibc's memory safety error detector got smarter recently.

I actually tried to investigate that double free with the tools I know, but...

- valgrind and setuid programs don't mix well
- GDB and multi-process programs don't mix well

Feel free to suggest any other debugging tool/methodology, or to ask me for any other diagnostic info that's useful to you.
Comment 1 Hadrien Grasland 2019-09-03 09:29:52 UTC
For those facing the same issue, a workaround is to replace the setuid bit with a sudoers rule that allows the desired user(s) to run the desired mount command via sudo without typing the root password.

   username ALL= NOPASSWD: /usr/bin/mount /path/to/smb/share

I'm probably going to keep using this one, as it will save me the trouble of re-setting the setuid bit on /sbin/mount.cifs on every Tumbleweed update...

But given that the mount.cifs manual states that setuid mounts should work, and certainly not trigger a double free, this bug should probably be investigated someday.
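
The sudoers workaround from comment 1, as an added example that is not part of the original comments: a shell check that a rule line is pinned to one fixed mount point, plus a test for a leftover setuid bit on /sbin/mount.cifs. The helper names `has_setuid` and `check_mount_rule` are hypothetical, and the rule lines other than the one quoted above are constructed samples.

```shell
#!/bin/sh
# Added example: audit the sudoers workaround against the setuid setup.
# Helper names are hypothetical; the rule lines below are constructed samples.

# Exit 0 if FILE carries the setuid bit (e.g. after "chmod +s").
has_setuid() {
    [ -u "$1" ]
}

# Exit 0 only if the sudoers line grants NOPASSWD for mount with exactly one
# fixed, absolute mount point. A command listed without arguments lets the
# user pass any arguments, so a bare "/usr/bin/mount" is rejected.
check_mount_rule() {
    rule=$1
    case $rule in
        *NOPASSWD:*) ;;
        *) echo "no NOPASSWD tag: $rule"; return 1 ;;
    esac
    cmd=${rule#*NOPASSWD:}           # command part after the tag
    case $cmd in
        *'*'*|*'?'*|*'['*|*','*)
            echo "wildcard or command list:$cmd"; return 1 ;;
    esac
    set -f; set -- $cmd; set +f      # split into words without globbing
    if [ $# -ne 2 ]; then
        echo "expected 'mount <mountpoint>':$cmd"; return 1
    fi
    case $1 in
        /usr/bin/mount|/bin/mount) ;;
        *) echo "not an absolute mount path: $1"; return 1 ;;
    esac
    case $2 in
        /*) echo "ok: $1 $2" ;;
        *) echo "not an absolute mount point: $2"; return 1 ;;
    esac
}

# The rule from the comment passes; broader variants are flagged.
check_mount_rule 'username ALL= NOPASSWD: /usr/bin/mount /path/to/smb/share'
check_mount_rule 'username ALL= NOPASSWD: /usr/bin/mount' || true
check_mount_rule 'username ALL= NOPASSWD: /usr/bin/mount *' || true
if has_setuid /sbin/mount.cifs; then
    echo "/sbin/mount.cifs is still setuid; drop it with chmod u-s"
fi
```

Validate the real sudoers file with `visudo -c` after editing; this check only looks at the shape of a single rule line.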
Comment 2 Aurelien Aptel 2019-09-06 10:07:00 UTC
I can reproduce this. Fix seems relatively simple, Paulo has sent a patch upstream for review.
Comment 4 Swamp Workflow Management 2019-10-21 19:14:00 UTC
SUSE-RU-2019:2732-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References: 
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    cifs-utils-6.9-3.10.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    cifs-utils-6.9-3.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Aurelien Aptel 2019-10-25 09:41:20 UTC
Hadrien, can you confirm you no longer have the problem?
Comment 6 Swamp Workflow Management 2019-10-26 22:12:09 UTC
openSUSE-RU-2019:2378-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References: 
Sources used:
openSUSE Leap 15.0 (src):    cifs-utils-6.9-lp150.2.6.1
Comment 7 Hadrien Grasland 2019-10-28 10:21:01 UTC
(In reply to Aurelien Aptel from comment #5)
> Hadrien, can you confirm you no longer have the problem?

I could check today, and it works for me now. Thanks for the fix!
Comment 8 Swamp Workflow Management 2020-02-27 17:26:34 UTC
SUSE-RU-2020:0517-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References: 
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    cifs-utils-6.9-5.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    cifs-utils-6.9-5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-03-03 23:13:45 UTC
openSUSE-RU-2020:0295-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References: 
Sources used:
openSUSE Leap 15.1 (src):    cifs-utils-6.9-lp151.4.3.1
Comment 11 Swamp Workflow Management 2020-04-15 16:19:28 UTC
SUSE-RU-2020:1001-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1149164,1152930
CVE References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Server 12-SP4 (src):    cifs-utils-6.9-13.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2020-04-29 13:14:54 UTC
SUSE-RU-2020:1001-1: An update that has three recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1149164,1152930,1164093
CVE References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Server 12-SP5 (src):    cifs-utils-6.9-13.7.1
SUSE Linux Enterprise Server 12-SP4 (src):    cifs-utils-6.9-13.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2020-09-26 22:14:10 UTC
openSUSE-RU-2020:1545-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1130528,1132087,1136031,1149164
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    cifs-utils-6.9-lp151.4.6.1