Samba 2.0.9 release - SECURITY FIX
okuyamak at dd.iij4u.or.jp
Fri May 11 02:54:19 GMT 2001
Dear Andrew and all,
>>>>> "AT" == Andrew Tridgell <tridge at sevenofnine.su.valinux.com> writes:
AT> I've just released Samba 2.0.9. This release is being done because the
AT> 2.0.8 release did not fix the /tmp security hole.
There are three things I want to ask.

1) What CVS tag gives me this version? I don't seem to find any
   tag with 2_0_9 in its name.

2) There still seem to be some mktemp() functions being called
   directly. Wasn't this a part of the /tmp security hole too?

3) In 'samba/examples/' of both 2.2.0 and 2.0.*, there are many
   smb.conf examples. And in them, you give (commented out,
   though) an example of how to share /tmp among people.
   Won't this become a problem? I mean, letting people open
   files inside the /tmp directory does have a chance of stepping on
   other people's temporary files, doesn't it?
Kenichi Okuyama at Tokyo Research Lab. IBM-Japan, Co.
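
Added example, not part of the original message and not Samba code: question 2 concerns the gap that mktemp() leaves between choosing a name and opening it. The C below contrasts a non-exclusive open of a predictable name with an O_EXCL open and with mkstemp(), inside a private scratch directory; the directory, the file names and the helper functions are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern left by mktemp(): pick a name, open it later. Without O_EXCL the
 * open reuses (and here truncates) whatever sits at that name by then. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: creation fails if the name already exists, symlink or not. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Returns a bit mask: 1 = the predictable open emptied an existing file,
 * 2 = the exclusive open refused the name with EEXIST,
 * 4 = mkstemp() created a new file with mode 0600. -1 on setup failure. */
int tmp_open_demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";      /* constructed scratch directory */
    char other[256], name[256], tmpl[256];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(other, sizeof other, "%s/other_users_file", dir);
    snprintf(name, sizeof name, "%s/smb.tmp", dir);   /* hypothetical temp name */
    snprintf(tmpl, sizeof tmpl, "%s/smb.XXXXXX", dir);
    /* Another party's file with content, plus a link already at our temp name. */
    fd = open(other, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(other, name) != 0) return -1;
    fd = open_exclusive(name);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_predictable(name);
    if (fd >= 0) close(fd);
    if (stat(other, &st) == 0 && st.st_size == 0) result |= 1;
    fd = mkstemp(tmpl);                      /* name choice and creation in one step */
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) result |= 4;
    if (fd >= 0) { close(fd); unlink(tmpl); }
    unlink(name); unlink(other); rmdir(dir);
    return result;
}
int main(void) { printf("result mask = %d\n", tmp_open_demo()); return 0; }
```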