Missing userspace patches from Bugzilla #999 fix

dann frazier dannf at hp.com
Tue Dec 5 19:49:15 GMT 2006


I've been researching the issue in #999 as a security issue for
Debian. It has been assigned CVE-2006-5871, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310982 for details.

The security issue was fixed long ago in the 2.6 kernel and just
recently in 2.4. However, the corresponding smbmount patches were
never applied upstream. Since without these patches smbmount always
passes the uid, gid, etc. mount options to the kernel, it's not possible
for a user to use the server-provided values.

For Debian, we plan to patch only the kernel so that our behavior
matches current upstream. However, I thought I'd note this limitation
in case it is an unintentional one.

-- 
dann frazier | HP Open Source and Linux Organization

