Christian PERRIER wrote:
> OTOH, we still have lenny that's affected. Dropping the setuid bit in
> lenny would break the behaviour of the package in a too invasive way,
> so we need to use patches that have been proposed in upstream bug
> report by Jeff Layton.
>
> However, they don't apply cleanly on our 3.2.5. They were meant for
> upstream 3-2-test branch, so for 3.2.15
>
> I started working on them yesterday and it seems feasible to port
> them. Surprisingly, though, some of the 7 patches proposed by Jeff in
> the attached tarball are reported as "already applied" on our 3.2.5
> sources.
>
> I end up with only 4 patches needed. See
> patches-setuid-lenny.tar.gz. I did not try compiling lenny's samba
> with them yet.

While there may be a patch for the specific issue, Jeremy made it pretty clear that it's not suitable for setuid root status. This second bug about the mtab corruption is another indication.

While it's a little more intrusive than other fixes, it appears to me that the only correct fix for Lenny is also dropping the setuid root bit while documenting the necessary dpkg-statoverride calls.

I also fail to see why mount.cifs/umount.cifs should be accessible for a non-privileged user in the first place. No one would even think about doing that for NFS, so why should CIFS be any different?

Cheers,
Moritz