Bug 513716

Summary: Configure > Mounting > Basic Settings: Directories Box missing, configuration of Mount Prefix no longer possible
Product: [Applications] Smb4k Reporter: Chris Routh <chris>
Component: generalAssignee: Alexander Reinholdt <alexander.reinholdt>
Status: RESOLVED NOT A BUG    
Severity: normal    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: EndeavourOS   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: Screenshot of Configure Dialogue with missing Directories panel on Basic Settings tab of Mouting section

Description Chris Routh 2025-12-22 19:09:00 UTC 
Created attachment 187880 [details]
Screenshot of Configure Dialogue with missing Directories panel on Basic Settings tab of Mouting section

SUMMARY

In version 4.0.5 the mount prefix option, on the Mounting > Basic Settings tab of the Configure panel is missing. It also seems that my previously configured mount prefix of `/home/<user>/smb4k` is no longer used, and my mounts are now mounted to `/run/smb4k/<user>` - this has broken a log of configuration for applications that use files on shares, and scripts for me.

The documentation still alludes to this option being available (https://docs.kde.org/stable5/en/smb4k/smb4k/configuration_page_mounting.html) - so this seems to be a bug in the newer releases.

STEPS TO REPRODUCE
1. Open the Configuration dialog
2. Click the Mounting section
3. Note the missing option on the Basic Settings tab

OBSERVED RESULT
Mounts and bookmarks which previously mounted to the expected `/home/<user>/smb4k` directory are now mounted to `/run`/ with no option to mount them elsewhere.

EXPECTED RESULT
Mount point prefix should remain configurable for users.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: EndeavourOS 25.12.1-1
KDE Plasma Version: 6.5.4
KDE Frameworks Version: 6.21.0
Qt Version: 6.10.1

ADDITIONAL INFORMATION
Kernel: 6.12.63-1-lts
Graphics Platform: Wayland
Comment 1 Alexander Reinholdt 2025-12-24 06:46:14 UTC 
I am very sorry that the latest version of Smb4K broke your settings and scripts. However, the change that affected you was introduced on purpose: 

Smb4K underwent a security review by the SUSE security team. They found two major vulnerabilites in the mount helper (full report: https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html):

CVE-2025-66002: local users can perform arbitrary unmounts via smb4kmounthelper due to lack of input validation
CVE-2025-66003: local users can perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share

These were fixed among other things by restricting the possible mount points to a directory that is controlled by root: /var/run/smb4k/<user> or /run/smb4k/<user>. So, setting the mount prefix is not supported anymore. That is why the entry was removed from the configuration dialog (like a few others that also became obsolete).

In the release announcement I pointed out the change: https://sourceforge.net/p/smb4k/blog/2025/12/smb4k-405-security-bug-fix-release/ 

Unfortunately, I haven't had the time to update the handbook, which I also mentioned in the release announcement. This will be done with the release of Smb4K 4.0.6. (By the way, the documentation you are refering to is for the Qt5 version of Smb4K. It is still correct in many areas, but outdated.)