Samba 2.0.9 release - SECURITY FIX

Kenichi Okuyama okuyamak at
Fri May 11 02:54:19 GMT 2001

Dear Andrew and all,

>>>>> "AT" == Andrew Tridgell <tridge at> writes:
AT> I've just released Samba 2.0.9. This release is being done because the
AT> 2.0.8 release did not fix the /tmp security hole. 

There are three things I want to ask.

1) What cvs tag gives me this version? I don't seem to find any
  tag with 2_0_9 in name.

2) There still seems to be some mktemp() function being called
  directly. Wasn't this a part of /tmp security hole too?

3) In 'samba/examples/' of both 2.2.0 and 2.0.*, there are many 
  smb.conf examples. And in them, you give (with commented out
  though) example of how to share /tmp among peoples.
  Won't this become problem? I mean, letting people open the
  file inside /tmp directory do have chance of stepping onto
  other people's temporary files, won't we?
Kenichi Okuayma at Tokyo Research Lab. IBM-Japan, Co.

More information about the samba-technical mailing list