[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-2-38-g86634dc
Karolin Seeger
kseeger at samba.org
Wed Aug 27 10:02:45 GMT 2008
The branch, v3-2-stable has been updated
via 86634dc0c89b8c0ddf61273d31cc7d8cdb443643 (commit)
via a94f44c49f668fcf12f4566777a668043326bf97 (commit)
from 4daf89d1fd5388a1bdd2c41cd69c6f04675eaa0d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -----------------------------------------------------------------
commit 86634dc0c89b8c0ddf61273d31cc7d8cdb443643
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Aug 27 11:09:54 2008 +0200
WHATSNEW: Add updates for 3.2.3.
Karolin
commit a94f44c49f668fcf12f4566777a668043326bf97
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Aug 27 10:45:43 2008 +0200
ldb: Fix permissions of group_mapping.ldb.
This one fixes bug #5715 and CVE-2008-3789.
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 16 ++++++++++++----
source/groupdb/mapping_ldb.c | 8 +++++++-
2 files changed, 19 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 310e0dd..7035285 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,12 +1,19 @@
==============================
Release Notes for Samba 3.2.3
-
+ August, 27 2008
==============================
-This is a bug fix release of the Samba 3.2 series.
+This is a security release in order to address CVE-2008-3789 ("Wrong
+permissions of group_mapping.ldb").
-Major bug fixes included in Samba 3.2.3 are:
+ o CVE-2008-3789
+ The file group_mapping.ldb is created with
+ the permissions 0666. That means everyone
+ is able to edit this file and might map any
+ SID to root.
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
######################################################################
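Review bot: The new CVE-2008-3789 entry says the file was created with 0666 and that anyone could map any SID to root, but it gives administrators no follow-up action. Tightening the mode does not undo mappings written while the file was world-writable, so the text should tell upgraders to review their existing group mappings for entries they did not create. Two wording nits in the same block: "August, 27 2008" has the comma in the wrong place, and "can be found http://www.samba.org/samba/security/" is missing "at".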
@@ -16,7 +23,8 @@ Changes
Changes since 3.2.2
-------------------
-
+o Andrew Tridgell <tridge at samba.org>
+ * Fix for CVE-2008-3789.
######################################################################
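Review bot: The "* Fix for CVE-2008-3789." changelog entry leaves out the bug number. The commit message for this fix cites bug #5715, so the entry should reference it alongside the CVE, letting a reader trace the change from the release notes to the bug tracker.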
diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c
index 6775f61..ce65d7c 100644
--- a/source/groupdb/mapping_ldb.c
+++ b/source/groupdb/mapping_ldb.c
@@ -74,7 +74,13 @@ static bool init_group_mapping(void)
if (ret != LDB_SUCCESS) {
goto failed;
}
-
+
+ /* force the permissions on the ldb to 0600 - this will fix
+ existing databases as well as new ones */
+ if (chmod(db_path, 0600) != 0) {
+ goto failed;
+ }
+
if (!existed) {
/* initialise the ldb with an index */
struct ldb_ldif *ldif;
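Review bot: The added chmod(db_path, 0600) runs only after the preceding call has returned LDB_SUCCESS, so if that call is what creates the file, a new database exists with its creation mode until this line executes, and the mode is applied by path rather than to the handle that was opened. Where the ldb API allows it, create the file with 0600 in the first place (or set the mode on the open descriptor) and keep this chmod as the repair step for existing databases. The failure branch "goto failed;" also discards errno; a debug message naming db_path and strerror(errno) before the jump would tell an administrator why group mapping initialisation stopped.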
--
Samba Shared Repository