[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-2-38-g86634dc

Karolin Seeger kseeger at samba.org
Wed Aug 27 10:02:45 GMT 2008


The branch, v3-2-stable has been updated
       via  86634dc0c89b8c0ddf61273d31cc7d8cdb443643 (commit)
       via  a94f44c49f668fcf12f4566777a668043326bf97 (commit)
      from  4daf89d1fd5388a1bdd2c41cd69c6f04675eaa0d (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable


- Log -----------------------------------------------------------------
commit 86634dc0c89b8c0ddf61273d31cc7d8cdb443643
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Aug 27 11:09:54 2008 +0200

    WHATSNEW: Add updates for 3.2.3.
    
    Karolin

commit a94f44c49f668fcf12f4566777a668043326bf97
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 27 10:45:43 2008 +0200

    ldb: Fix permissions of group_mapping.ldb.
    
    This one fixes bug #5715 and CVE-2008-3789.

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                 |   16 ++++++++++++----
 source/groupdb/mapping_ldb.c |    8 +++++++-
 2 files changed, 19 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 310e0dd..7035285 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,12 +1,19 @@
                    ==============================
                    Release Notes for Samba 3.2.3
-
+			  August, 27 2008
                    ==============================
 
-This is a bug fix release of the Samba 3.2 series.
+This is a security release in order to address CVE-2008-3789 ("Wrong
+permissions of group_mapping.ldb").
 
-Major bug fixes included in Samba 3.2.3 are:
+   o CVE-2008-3789
+     The file group_mapping.ldb is created with
+     the permissions 0666. That means everyone
+     is able to edit this file and might map any
+     SID to root.
 
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
 
 
 ######################################################################
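Review bot: the CVE-2008-3789 entry in this hunk describes the problem but gives the administrator no remediation guidance. It should say that upgrading forces group_mapping.ldb to 0600 on existing installations as well as new ones, and that the existing group mappings should be reviewed, since the text itself says anyone could edit the file while it was 0666. Two smaller points: "can be found http://www.samba.org/samba/security/" is missing "at", and the added date line is tab-indented inside a banner that is otherwise space-aligned, so it will not centre consistently.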
@@ -16,7 +23,8 @@ Changes
 Changes since 3.2.2
 -------------------
 
-
+o   Andrew Tridgell <tridge at samba.org>
+    * Fix for CVE-2008-3789.
 
 
 ######################################################################
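Review bot: the changelog line "* Fix for CVE-2008-3789." names neither the bug number nor the file affected, although the commit message gives both (bug #5715, group_mapping.ldb). Something like "* BUG 5715: Fix permissions of group_mapping.ldb (CVE-2008-3789)." lets a reader of WHATSNEW.txt trace the entry back to the bug report without consulting the git log.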
diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c
index 6775f61..ce65d7c 100644
--- a/source/groupdb/mapping_ldb.c
+++ b/source/groupdb/mapping_ldb.c
@@ -74,7 +74,13 @@ static bool init_group_mapping(void)
 	if (ret != LDB_SUCCESS) {
 		goto failed;
 	}
-	
+
+	/* force the permissions on the ldb to 0600 - this will fix
+	   existing databases as well as new ones */
+	if (chmod(db_path, 0600) != 0) {
+		goto failed;
+	}
+
 	if (!existed) {
 		/* initialise the ldb with an index */
 		struct ldb_ldif *ldif;
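Review bot: the chmod(db_path, 0600) is applied by path only after the preceding step has returned LDB_SUCCESS, so a newly created database sits on disk with its creation mode until this line runs. Prefer creating the file with mode 0600 in the first place and keeping this chmod as the repair path for databases that already exist. The "goto failed" on a chmod error also discards errno; a debug message carrying db_path and strerror(errno) would tell the administrator why group mapping initialisation failed. Finally, the comment "this will fix existing databases" covers the file mode only: entries written while the file was writable by others are left in place, which is worth stating in the comment or the release notes.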


-- 
Samba Shared Repository

