DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.


#1 2008-02-02 13:00:18

DN
Member
Registered: 2007-02-19
Posts: 5

Network access bug in 1.04?

Read only group access allows write! Can anyone verify this?

In the NAS I have users x, y, z that are members of the Users group. The NAS also has a "Media" share for pictures etc. The share is set up with read-only access rights for the NAS Users group.

From Vista and XP clients the access behaves as expected with read-only access for user x, y or z. But from my Ubuntu (or Edubuntu 7.10) the NAS "Media" share is given write access for any user through the following mount:

sudo mount -t cifs //192.168.1.32/Media /mnt/nasmedia -o credentials=/root/xsmbcredentials,iocharset=utf8,uid=x,gid=users,file_mode=0700,dir_mode=0700


(On the Ubuntu client users x, y, z are members of the "users" group)

I discovered the bug? when I changed from 1.03 using smbfs mount with fmode=550 etc. The file_mode=0700 was a copy-paste mistake that revealed this NAS-bug.

Regards, Dan


#2 2008-02-02 14:51:07

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Network access bug in 1.04?

Just out of curiosity ....

We're discussing a device that is advertised as supporting Windows XP-SP2 & Windows 2000-SP4 (at RTS there was no mention of Windows Vista) and definitely no mention of linux of any sort - should a failure to work in the expected manner with an "unsupported" operating system be considered a bug?

Further curiosity - has anyone ever approached DLink support on a linux or MacOS (or even Vista) related issue and been told that those OSes are not supported?


#3 2008-02-03 15:08:26

DN
Member
Registered: 2007-02-19
Posts: 5

Re: Network access bug in 1.04?

Ok, thanks for the info. I didn't know that the ambition for the DNS-323 stopped with XP-SP2.

Not guaranteeing smooth operation with an unsupported operating system is one thing, but a read-only samba share should be read only no matter who's knocking on the door.
It sounds like naming the share "Media - Please do not delete files" is a better option than setting "read-only" in the DNS-323 ;-)

Regards, Dan


#4 2008-02-03 18:17:54

dickeywang
Member
Registered: 2007-06-29
Posts: 59

Re: Network access bug in 1.04?

fordem wrote:

Just out of curiosity ....

We're discussing a device that is advertised as supporting Windows XP-SP2 & Windows 2000-SP4 (at RTS there was no mention of Windows Vista) and definitely no mention of linux of any sort - should a failure to work in the expected manner with an "unsupported" operating system be considered a bug?

Further curiosity - has anyone ever approached DLink support on a linux or MacOS (or even Vista) related issue and been told that those OSes are not supported?

Just out of curiosity (maybe a little bit off-topic): do you work for Dlink?

Last edited by dickeywang (2008-02-03 18:18:12)


#5 2008-02-03 20:44:12

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Network access bug in 1.04?

dickeywang wrote:

Just out of curiosity (maybe a little bit off-topic): do you work for Dlink?

No.


#6 2008-02-03 20:47:46

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Network access bug in 1.04?

DN wrote:

Ok, thanks for the info. I didn't know that the ambition for the DNS-323 stopped with XP-SP2.

Not guaranteeing smooth operation with an unsupported operating system is one thing, but a read-only samba share should be read only no matter who's knocking on the door.
It sounds like naming the share "Media - Please do not delete files" is a better option than setting "read-only" in the DNS-323 ;-)

Regards, Dan

Oh - I'm not disagreeing with you - I'm just asking a question.


#7 2008-02-04 12:27:52

leftkidney
Member
Registered: 2007-12-26
Posts: 54

Re: Network access bug in 1.04?

No matter what, if you can bypass or otherwise do something that you aren't supposed to do, like write when only read is allowed, it is a bug.


#8 2008-02-04 13:00:08

karlbowden
Member
Registered: 2008-02-04
Posts: 5

Re: Network access bug in 1.04?

Hey DN, I also only use linux. Ubuntu 7.10.
I have tried a few combinations of permissions, but if a share is marked as ro by my DNS-323, I cannot write, delete or modify it.

I have also found firmware upgrades very reliable with Firefox 2 in Linux in case anybody wonders.
- Karl


#9 2008-02-04 13:02:59

karlbowden
Member
Registered: 2008-02-04
Posts: 5

Re: Network access bug in 1.04?

Also, could you post the contents of /etc/samba/smb.conf (fudging out anything sensitive) for comparison?


#10 2008-02-04 14:38:59

sjmac
Member
Registered: 2008-01-21
Posts: 222

Re: Network access bug in 1.04?

DN wrote:

sudo mount -t cifs //192.168.1.32/Media /mnt/nasmedia -o credentials=/root/xsmbcredentials,iocharset=utf8,uid=x,gid=users,file_mode=0700,dir_mode=0700

Can you also mount the share without using the root user credentials?

I assume that there is a "higher" share that would allow the root user read and write access to your shared media?

Last edited by sjmac (2008-02-04 14:39:20)


#11 2008-02-04 17:53:25

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Network access bug in 1.04?

leftkidney wrote:

No matter what, if you can bypass or otherwise do something that you aren't supposed to do, like write when only read is allowed, it is a bug.

This is where I disagree with you - let's take something simple, a 5¼" diskette - I don't know if you've ever seen or used one, but for write protection it uses a notch on the left side - if the notch is present it's read/write, if there is no notch then it's read only. It's fairly easy to cut a notch into a diskette that doesn't have one and only slightly more complicated to modify the drive to override the detection circuit. Both of these tricks were quite common in the days of single sided diskettes, since they enabled a user to flip the diskette over and double storage capacity.

So ..... the ability to override or bypass and write to read only media should not be defined as a bug, it may be defined as a hack, it may even be considered as a security hole or flaw, but a bug - I'm not so sure.

Now - look at the rest of the thread - karlbowden has been unable to duplicate the problem and sjmac has suggested that a "higher" share may be allowing root access - this may just be a security configuration, which now takes me back to the original question I asked - bearing in mind that DN has not told us of any modifications or hacks to his DNS-323 - if the device works as expected with the supported OS but not with an unsupported OS, should this be considered a bug?


#12 2008-02-04 19:42:20

sjmac
Member
Registered: 2008-01-21
Posts: 222

Re: Network access bug in 1.04?

sjmac wrote:

DN wrote:

sudo mount -t cifs //192.168.1.32/Media /mnt/nasmedia -o credentials=/root/xsmbcredentials,iocharset=utf8,uid=x,gid=users,file_mode=0700,dir_mode=0700

Can you also mount the share without using the root user credentials?

OK, I've just read this http://www.samba.org/samba/docs/man/man … ifs.8.html and now I understand that
-o credentials=/root/xsmbcredentials
means "read the credentials from the file /root/xsmbcredentials". (I'd assumed that /root/xsmbcredentials was a user/password combination before).

So, which user credentials are in that file, and would that user have write access via a longer pathname to the files in /Media?


#13 2008-02-05 00:59:02

sjmac
Member
Registered: 2008-01-21
Posts: 222

Re: Network access bug in 1.04?

I've just booted up a Knoppix image in a VM and tried this myself. My client is Samba 3.0.22. With my configuration, I didn't get write access to my ro share.

My read only share is called "sharedByUpnp"

If I telnet to the DNS323 and type
less /etc/samba/smb.conf
I get a file that includes this text:
... snip ...
[ Volume_1 ]
comment = Read and write access to all media files.
path = /mnt/HD_a2
valid users = me
read only = no
guest ok = no
oplocks =  yes
map archive = yes

[ sharedByUpnp ]
comment = Read only access to media files that are shared by the UPnP server.
path = /mnt/HD_a2/sharedByUpnp
valid users =
read only = yes
guest ok = yes
oplocks = yes
map archive = yes
... snip ...

In Knoppix the default user is Knoppix, uid=1000, gid=1000

In Knoppix I typed
sudo mkdir /mnt/roshare

I made a file called /mnt/smbcred that contained these lines
username=me
password=mypassword

I typed
sudo mount -t cifs //10.x.y.z/sharedByUpnp /mnt/roshare/ -o credentials=/mnt/smbcred,iocharset=utf8,filemode=0700,dir_mode=0700,uid=1000,gid=1000

Then I typed
touch /mnt/roshare/testfile

Computer said
touch: cannot touch `/mnt/roshare/testfile': Permission denied

What is in the DNS323 smb.conf file for your read only share?


#14 2008-02-05 01:20:13

leftkidney
Member
Registered: 2007-12-26
Posts: 54

Re: Network access bug in 1.04?

fordem wrote:

leftkidney wrote:

No matter what, if you can bypass or otherwise do something that you aren't supposed to do, like write when only read is allowed, it is a bug.

This is where I disagree with you - let's take something simple, a 5¼" diskette - I don't know if you've ever seen or used one, but for write protection it uses a notch on the left side - if the notch is present it's read/write, if there is no notch then it's read only. It's fairly easy to cut a notch into a diskette that doesn't have one and only slightly more complicated to modify the drive to override the detection circuit. Both of these tricks were quite common in the days of single sided diskettes, since they enabled a user to flip the diskette over and double storage capacity.

So ..... the ability to override or bypass and write to read only media should not be defined as a bug, it may be defined as a hack, it may even be considered as a security hole or flaw, but a bug - I'm not so sure.

Now - look at the rest of the thread - karlbowden has been unable to duplicate the problem and sjmac has suggested that a "higher" share may be allowing root access - this may just be a security configuration, which now takes me back to the original question I asked - bearing in mind that DN has not told us of any modifications or hacks to his DNS-323 - if the device works as expected with the supported OS but not with an unsupported OS, should this be considered a bug?

YES it is a bug

For the 5-1/4" disk it is a little different. Yeah, that is a "hack", but if you were to insert that same unmodified 5-1/4" disk into an unmodified drive that will write to it without that hole in it, then it is a bug. If you have to alter the disk or drive or code on the computer, then it is a "hack", not a bug, IMO.


#15 2008-02-05 06:27:45

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Network access bug in 1.04?

fordem wrote:

Now - look at the rest of the thread - karlbowden has been unable to duplicate the problem and sjmac has suggested that a "higher" share may be allowing root access - this may just be a security configuration, which now takes me back to the original question I asked - bearing in mind that DN has not told us of any modifications or hacks to his DNS-323 - if the device works as expected with the supported OS but not with an unsupported OS, should this be considered a bug?

leftkidney - Again - look at the rest of the thread - now we have both karlbowden & sjmac reporting an inability to duplicate the problem.

What - if anything - has DN changed, either in his DNS-323 or his environment that allows him to write to the DNS-323?

What - so to speak - has he done that is the equivalent to my cutting a notch in the diskette, or rewiring the write protect circuitry in the diskette drive to disable the write protection?

What is the possibility (or probability) that he has simply misconfigured the security so that connecting from a linux system allows him access at a higher level than he would otherwise have when using a Windows system, and it is this higher level of access that makes it possible?

Would a home owner with a deadbolt on his front door failing to turn that deadbolt make the door flawed?  It would allow an intruder access, but is it a bug?


#16 2008-02-05 11:18:27

DN
Member
Registered: 2007-02-19
Posts: 5

Re: Network access bug in 1.04?

sjmac wrote:

sjmac wrote:

DN wrote:

sudo mount -t cifs //192.168.1.32/Media /mnt/nasmedia -o credentials=/root/xsmbcredentials,iocharset=utf8,uid=x,gid=users,file_mode=0700,dir_mode=0700

Can you also mount the share without using the root user credentials?

OK, I've just read this http://www.samba.org/samba/docs/man/man … ifs.8.html and now I understand that
-o credentials=/root/xsmbcredentials
means "read the credentials from the file /root/xsmbcredentials". (I'd assumed that /root/xsmbcredentials was a user/password combination before).

So, which user credentials are in that file, and would that user have write access via a longer pathname to the files in /Media?

User X has only "user" credentials for the Media share, but as you suggest user X also has write access on a "Music" share in "Volume_1/Media/Music".

The DNS-323 is not modified and started off with firmware 1.01 then upgraded to 1.02, 1.03 and now 1.04. The problem may of course be solved with a "ro" mounting option but the (possible) bug makes me uncertain if I can trust the access rights in the box.

Regards, Dan


#17 2008-02-05 11:40:35

leftkidney
Member
Registered: 2007-12-26
Posts: 54

Re: Network access bug in 1.04?

I suspect that the problem is that there is a root login not disabled.

I remember when I first got this thing that I could connect to it without a password even though I had set a password, and the problem was there was still an admin root password not set or something like that.

Other than that I don't know.


#18 2008-02-05 13:00:26

sjmac
Member
Registered: 2008-01-21
Posts: 222

Re: Network access bug in 1.04?

DN wrote:

User X has only "user" credentials for the Media share, but as you suggest user X also has write access on a "Music" share in "Volume_1/Media/Music".

Well, regardless of whether D-Link or anyone else would consider it a bug, it's not expected behaviour. Also Samba (which is the software controlling access to the data) has a pretty good reputation, so I'd imagine it is easy to fix with a configuration change. Would that config change be possible from the DNS323 UI? Difficult to guess if we don't know why you are getting write access to that share!

What's in smb.conf? You could type
cat /etc/samba/smb.conf > /mnt/HD_a2/smbconfig.txt
to get this in to a file ...
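
The overlap that sjmac asks about in post #12 and DN confirms in post #16 (a writable share whose path sits inside, or contains, a read-only share's path) can be checked mechanically from smb.conf. The following is an added example, not part of the original thread: it parses the share sections quoted in post #13 and lists every read-only share whose directory tree is also reachable through a writable share. The function names are this example's own, and the sample keeps only the lines from that post that the check uses.

```python
import configparser
from pathlib import PurePosixPath

# Share sections from post #13 (path, valid users, read only lines only).
SAMPLE_SMB_CONF = """
[ Volume_1 ]
path = /mnt/HD_a2
valid users = me
read only = no

[ sharedByUpnp ]
path = /mnt/HD_a2/sharedByUpnp
valid users =
read only = yes
"""
TRUE = {"yes", "true", "1"}

def is_read_only(opts):
    # Samba defaults to "read only = yes"; writable/writeable/write ok invert it.
    if "read only" in opts:
        return opts["read only"].strip().lower() in TRUE
    for key in ("writable", "writeable", "write ok"):
        if key in opts:
            return opts[key].strip().lower() not in TRUE
    return True

def load_shares(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    shares = {}
    for name in cp.sections():
        opts = cp[name]
        if name.strip().lower() != "global" and "path" in opts:
            shares[name.strip()] = (PurePosixPath(opts["path"].strip()), is_read_only(opts),
                                    opts.get("valid users", "").strip())
    return shares

def overlapping_write_paths(text):
    # Returns (ro_share, rw_share, subtree reachable through both, rw valid users).
    shares, findings = load_shares(text), []
    for ro, (ro_path, first_ro, _) in shares.items():
        for rw, (rw_path, second_ro, users) in shares.items():
            if not first_ro or second_ro:
                continue  # only read-only / writable pairs are of interest
            if ro_path == rw_path or rw_path in ro_path.parents:
                findings.append((ro, rw, str(ro_path), users))
            elif ro_path in rw_path.parents:
                findings.append((ro, rw, str(rw_path), users))
    return findings

if __name__ == "__main__":
    print(overlapping_write_paths(SAMPLE_SMB_CONF))
```

A finding does not by itself explain write access through the read-only share; it shows which files the listed users can change by connecting to the other share.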


#19 2008-02-06 23:58:16

DN
Member
Registered: 2007-02-19
Posts: 5

Re: Network access bug in 1.04?

After some network access changes in the NAS (no changes to the Media or Music shares though) and a couple of reboots, I'm no longer able to reconstruct the write-access on the read-only share. So I guess it's meaningless to dig further.

Thanks for all the help, Dan
