Package: mount
Version: 2.12-10
Severity: important

When mounting a cifs share using a command like this:

    mount -t cifs -o username=user,password=pass //server/share /mnt/share

mount writes all the options, including the password, into /etc/mtab! This file is readable to everyone and so are the passwords. Any user can run "mount" or "cat /etc/mtab" to get them. Passwords are not shown in /proc/mounts.

Also, I have found out that this happens only if /sbin/mount.cifs (from package smbfs) is not available. I wonder why it works this way. I would expect one of these behaviors:

1. mount -t cifs should fail if /sbin/mount.cifs doesn't exist
2. mount -t cifs should do the job correctly without /sbin/mount.cifs (thus rendering mount.cifs obsolete)

However, the current situation is that users without mount.cifs (smbfs) installed are exposing their passwords in /etc/mtab, while those who installed smbfs are safe.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages mount depends on:
ii  libc6  2.3.2.ds1-20  GNU C Library: Shared libraries an

-- no debconf information
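
An audit for the condition reported above, added here as an example and not part of the original report or of the mount package: it lists mtab entries whose option field carries a password and checks whether the mount.cifs helper is present. The function names, the sample entries and the password=/pass= option spellings it matches are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an mtab-format file for credentials left in the
# options field (4th column), as described in the report above.

# scan_mtab FILE
#   Prints "device mountpoint fstype" for every entry whose option list
#   contains password=... or pass=...; the secret itself is never printed.
#   Returns 0 if no entry leaks, 1 if at least one does, 2 if FILE is unreadable.
scan_mtab() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        NF < 4         { next }          # not a complete mtab entry
        {
            n = split($4, opts, ",")     # options are comma-separated
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^(password|pass)=/) {
                    print $1, $2, $3
                    found = 1
                    break
                }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# helper_missing [PATH]
#   True when the mount.cifs helper is absent, which is the condition under
#   which the report says the password ends up in /etc/mtab.
helper_missing() {
    [ ! -x "${1:-/sbin/mount.cifs}" ]
}

# Constructed sample entries (not taken from a real system).
sample_mtab() {
    cat <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw 0 0
//server/share /mnt/share cifs rw,username=user,password=pass 0 0
//server/docs /mnt/docs cifs rw,username=user 0 0
EOF
}
```

On a live system, `scan_mtab /etc/mtab` followed by `helper_missing && echo "mount.cifs not installed"` covers both halves of the report.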

