On Wed, Nov 15, 2006 at 05:54:52PM -0700, dann frazier wrote: > On Mon, Nov 13, 2006 at 12:22:59PM -0800, Steve Langasek wrote: > > Yes, because this is a kernel security bug. The smbmount patch was > > entertained pre-sarge only as a stopgap due to the proximity to release; the > > right place to fix this is still in the kernel (upstream as appropriate). > > I've done some testing and verified that 2.6.18 honors uid= and 2.6.8 > does not. It looks like this was fixed upstream: > http://linux.bkbits.net:8080/linux-2.6/[EMAIL > PROTECTED]|src/|src/fs|src/fs/smbfs|related/fs/smbfs/inode.c > > So, I plan to use this patch for 2.6.8, and attempt to backport it to > 2.4.27. If backporting becomes overly complicated/risky, I'll revert > to using something like Horms' patch. I'll also see about getting a > CVE assigned. > > Everyone cool with this plan?
Ack -- Horms H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
