Missing userspace patches from Bugzilla #999 fix
dannf at hp.com
Tue Jan 16 21:00:33 GMT 2007
On Tue, Jan 16, 2007 at 02:29:29PM -0600, Gerald (Jerry) Carter wrote:
> dann frazier wrote:
> > I've been researching the issue in #999 as a security issue for
> > Debian. It has been assigned CVE-2006-5871, see
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310982 for details.
> > The security issue was fixed long ago in the 2.6 kernel and just
> > recently in 2.4. However, the corresponding smbmount patches were
> > never applied upstream. Since without these patches smbmount always
> > passes the uid, gid, etc. mount options to the kernel, it's not possible
> > for a user to use the server-provided values.
> > For Debian, we plan to patch only the kernel so that our behavior
> > matches current upstream. However, I thought I'd note this limitation
> > in case it is an unintentional one.
> I'll make the change. Can you send me the latest version
> of the patch? (although I think smbfs is dead).
Thanks Jerry - I don't have more recent userspace patches than what
exists in #999. However, I also don't think the code has changed
significantly since then either.