[Pkg-samba-maint] Bug#568942: Bug#568942: samba: mtab corruption via malicious crafted string

Moritz Muehlenhoff jmm at inutil.org
Wed Feb 10 19:00:28 UTC 2010


Christian PERRIER wrote:
> OTOH, we still have lenny that's affected. Dropping the setuid bit in
> lenny would break the behaviour of the package in a too invasive way,
> so we need to use patches that have been proposed in upstream bug
> report by Jeff Layton.
> 
> However, they don't apply cleanly on our 3.2.5. They were meant for
> upstream 3-2-test branch, so for 3.2.15.
> 
> I started working on them yesterday and it seems feasible to port
> them. Surprisingly, though, some of the 7 patches proposed by Jeff in
> the attached tarball are reported as "already applied" on our 3.2.5
> sources.
> 
> I end up with only 4 patches needed. See
> patches-setuid-lenny.tar.gz. I did not try compiling lenny's samba
> with them yet.

While there may be a patch for the specific issue, Jeremy made it pretty
clear that it's not suitable for setuid root status. This second bug
about the mtab corruption is another indication.

While it's a little more intrusive than other fixes, it appears to me
that the only correct fix for Lenny is also dropping the setuid root
bit while documenting the necessary dpkg-statoverride calls.

I also fail to see why mount.cifs/umount.cifs should be accessible
for a non-privileged user in the first place. No one would even think
about doing that for NFS, so why should CIFS be any different?

Cheers,
        Moritz




