On Mon, Nov 13, 2006 at 12:22:59PM -0800, Steve Langasek wrote: > Yes, because this is a kernel security bug. The smbmount patch was > entertained pre-sarge only as a stopgap due to the proximity to release; the > right place to fix this is still in the kernel (upstream as appropriate).
I've done some testing and verified that 2.6.18 honors uid= and 2.6.8 does not. It looks like this was fixed upstream: http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]|src/|src/fs|src/fs/smbfs|related/fs/smbfs/inode.c So, I plan to use this patch for 2.6.8, and attempt to backport it to 2.4.27. If backporting becomes overly complicated/risky, I'll revert to using something like Horms' patch. I'll also see about getting a CVE assigned. Everyone cool with this plan? -- dann frazier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
