The branch, v3-4-stable has been updated via 49fc62c... Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write." via bdad635... WHATSNEW: Prepare release notes for Samba 3.4.7. via df5a563... WHATSNEW: Start release notes for Samba 3.4.7. via d811847... VERSION: Raise version number up to 3.4.7. from d0e7cc3... WHATSNEW: Fix typo.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log ----------------------------------------------------------------- commit 49fc62cc5d8bcb2ef246fa6505c99071b406c413 Author: Karolin Seeger <ksee...@samba.org> Date: Mon Mar 8 20:53:38 2010 +0100 Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write." This reverts commit c81c109a6ce83741bb5149a51ceb4ab30855e9f9. This fixes bug #7222 (All users have full rigths on all shares)(CVE-2010-0728). commit bdad63514f345a10774dade1746072312ed140c1 Author: Karolin Seeger <ksee...@samba.org> Date: Mon Mar 8 20:52:56 2010 +0100 WHATSNEW: Prepare release notes for Samba 3.4.7. Karolin commit df5a5630a795f57a71d3b9e0f68ba104bc289982 Author: Karolin Seeger <ksee...@samba.org> Date: Wed Feb 24 16:08:26 2010 +0100 WHATSNEW: Start release notes for Samba 3.4.7. Karolin (cherry picked from commit c8fbbbb888a6cc67e603ba04510f5504596b67d8) commit d811847bbd8badf5c343417b453a527de3f06bbe Author: Karolin Seeger <ksee...@samba.org> Date: Wed Feb 24 16:06:32 2010 +0100 VERSION: Raise version number up to 3.4.7. Karolin (cherry picked from commit b280381ed338920b1746d0b2b7cd6ea6eb1f92b9) ----------------------------------------------------------------------- Summary of changes: WHATSNEW.txt | 54 +++++++++++++++++++++++++++++++++++++++- source3/VERSION | 2 +- source3/include/smb.h | 3 +- source3/lib/system.c | 65 +++---------------------------------------------- source3/smbd/server.c | 8 ------ 5 files changed, 58 insertions(+), 74 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 42341d0..80589c7 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,54 @@ ============================= + Release Notes for Samba 3.4.7 + March 8, 2010 + ============================= + + +This is a security release in order to address CVE-2010-0728. + + +o CVE-2010-0728: + In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code + was added to fix a problem with Linux asynchronous IO handling. + This code introduced a bad security flaw on Linux platforms if the + binaries were built on Linux platforms with libcap support. + The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE + capabilities, allowing all file system access to be allowed + even when permissions should have denied access. + + +Changes since 3.5.0 +------------------- + + +o Jeremy Allison <j...@samba.org> + * BUG 7222: Fix for CVE-2010-0728. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older versions follow: +---------------------------------------- + + ============================= Release Notes for Samba 3.4.6 February 24, 2010 ============================= @@ -109,8 +159,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older versions follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 3.4.5 diff --git a/source3/VERSION b/source3/VERSION index 7133dfb..f40ac81 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=4 -SAMBA_VERSION_RELEASE=6 +SAMBA_VERSION_RELEASE=7 ######################################################## # Bug fix releases use a letter for the patch revision # diff --git a/source3/include/smb.h b/source3/include/smb.h index 29c614b..2a3c455 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1690,8 +1690,7 @@ minimum length == 24. enum smbd_capability { KERNEL_OPLOCK_CAPABILITY, DMAPI_ACCESS_CAPABILITY, - LEASE_CAPABILITY, - KILL_CAPABILITY + LEASE_CAPABILITY }; /* diff --git a/source3/lib/system.c b/source3/lib/system.c index 6349af5..e815766 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -592,11 +592,6 @@ char *sys_getwd(char *s) #if defined(HAVE_POSIX_CAPABILITIES) -/* This define hasn't made it into the glibc capabilities header yet. */ -#ifndef SECURE_NO_SETUID_FIXUP -#define SECURE_NO_SETUID_FIXUP 2 -#endif - /************************************************************************** Try and abstract process capabilities (for systems that have them). ****************************************************************************/ @@ -627,32 +622,6 @@ static bool set_process_capability(enum smbd_capability capability, } #endif -#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP) - /* New way of setting capabilities as "sticky". */ - - /* - * Use PR_SET_SECUREBITS to prevent setresuid() - * atomically dropping effective capabilities on - * uid change. Only available in Linux kernels - * 2.6.26 and above. - * - * See here: - * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html - * for details. - * - * Specifically the CAP_KILL capability we need - * to allow Linux threads under different euids - * to send signals to each other. - */ - - if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) { - DEBUG(0,("set_process_capability: " - "prctl PR_SET_SECUREBITS failed with error %s\n", - strerror(errno) )); - return false; - } -#endif - cap = cap_get_proc(); if (cap == NULL) { DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n", @@ -681,11 +650,6 @@ static bool set_process_capability(enum smbd_capability capability, cap_vals[num_cap_vals++] = CAP_LEASE; #endif break; - case KILL_CAPABILITY: -#ifdef CAP_KILL - cap_vals[num_cap_vals++] = CAP_KILL; -#endif - break; } SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals)); @@ -695,37 +659,16 @@ static bool set_process_capability(enum smbd_capability capability, return True; } - /* - * Ensure the capability is effective. We assume that as a root - * process it's always permitted. - */ - - if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, - enable ? CAP_SET : CAP_CLEAR) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag effective " - "failed (%d): %s\n", - (int)capability, - strerror(errno))); - cap_free(cap); - return false; - } + cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, + enable ? CAP_SET : CAP_CLEAR); /* We never want to pass capabilities down to our children, so make * sure they are not inherited. */ - if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, - cap_vals, CAP_CLEAR) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag inheritable " - "failed (%d): %s\n", - (int)capability, - strerror(errno))); - cap_free(cap); - return false; - } + cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR); if (cap_set_proc(cap) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n", - (int)capability, + DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n", strerror(errno))); cap_free(cap); return False; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 25571a9..2c5ce40 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1027,14 +1027,6 @@ extern void build_options(bool screen); gain_root_privilege(); gain_root_group_privilege(); - /* - * Ensure we have CAP_KILL capability set on Linux, - * where we need this to communicate with threads. - * This is inherited by new threads, but not by new - * processes across exec(). - */ - set_effective_capability(KILL_CAPABILITY); - fault_setup((void (*)(void *))exit_server_fault); dump_core_setup("smbd"); -- Samba Shared Repository