Missing userspace patches from Bugzilla #999 fix

Gerald (Jerry) Carter jerry at samba.org
Tue Jan 16 20:29:29 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

dann frazier wrote:
> I've been researching the issue in #999 as a security issue for
> Debian. It has been assigned CVE-2006-5871, see
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310982 for details.
> 
> The security issue was fixed long ago in the 2.6 kernel and just
> recently in 2.4. However, the corresponding smbmount patches were
> never applied upstream. Since without these patches smbmount always
> passes the uid, gid, etc mount options to the kernel, its not possible
> for a user to use the server-provided values.
> 
> For Debian, we plan to patch only the kernel so that our behavior
> matches current upstream. However, I thought I'd note this limitation
> in case it is an unintentional one.

Dann,

I'll make the change.  Can you send me the latest version
of the patch.  (although I think smbfs is dead).






cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFrTWpIR7qMdg1EfYRAo5rAKDZ3iZZiCpSJrtycDE2mYQVqNSYRQCbBDxR
2FySALxEUBHCC0MAIsF6duk=
=r4AQ
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list