On 4/12/12 11:57 AM, Robert Wyatt wrote: > Alexander Hansen wrote: >> On 4/12/12 10:36 AM, Alexander Hansen wrote: >>> On 4/12/12 10:04 AM, Robert Wyatt wrote: >>>> My ISO (information security office) is requiring me (it says >>>> "recommends" below--but that's not what they really mean) to update my >>>> Samba installation on a MacOS 10.5 machine that I have. >>>> >>>> Currently fink offers Samba3 at version: 3.6.0. >>>> >>>> ------------------------------ >>>> Steps for Remediation >>>> ------------------------------ >>>> >>>> The ISO highly recommends that you update Samba. Versions 3.6.4, >>>> 3.5.14, and >>>> 3.4.16 have been released to address this defect, and are available at >>>> http://www.samba.org/samba/security/. In addition, due to the >>>> severity and >>>> extreme risk posed by this flaw, Samba has also made patches >>>> available for all >>>> versions currently out of support and maintenance from 3.0.37 >>>> onwards at >>>> http://samba.org/samba/patches/. If you are using RedHat, RedHat >>>> has released >>>> Samba version 3.5.10-115 to address this vulnerability. >>>> >>>> >>>> My question: Has anyone tried a newer build yet on any of the active >>>> trees? This machine is a PPC; I need to either update it or disable >>>> Samba. >>>> >>>> Thanks, >>>> Robert >>>> >>>> >>> ( Correcting Daniel J.'s address. :-) ) >>> >>> In case nobody else has tried that, it may be worth doing a local >>> update of samba3 on your machine to build 3.6.4. It may just be a >>> simple matter of changing the version and Source-MD5 (though I >>> wouldn't count on it). >>> >>> >> Maybe I'm too negative. :-) I tried changing the version of samba3 >> to 3.6.4 and updating the Source-MD5 and the build appears to be >> successful. >> >> One thing to note is that our samba3 is set up _not_ to run its smbd >> automatically: >> >> DescUsage: << >> No attempt to start the smbd server automatically has been made >> as it >> could interfere with OS X's own smbd server. This might be >> implemented >> later but for now is left as an exercise for the user. >> << >> > > Got it, thanks Alexander! Considering the vulnerability, I'll need to > switch to fink's Samba or the ISO will be on my LAN administrator > whose job it is to enforce compliance.. I guess I'll need to think > about how to do that unless someone happens to know a tidy method > offhand...? > > At any rate, I'll try the build next. > > --Robert > Editing /System/Library/LaunchDaemons/smbd.plist to replace /usr/sbin/smbd with /sw/sbin/smbd should cover your machine's SMB server.
I'm not sure exactly what one would need to do at the _client_ side, e.g. to have the Finder use Fink's samba3 rather than the built-in samba to access SMB shares. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 _______________________________________________ Fink-users mailing list Fink-users@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.macosx.fink.user Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-users
