1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On Monday 12 April 2004 19:18, you wrote: |
5 |
> If you are going to do this, can you make sure it can easily be defeated |
6 |
> and is adequately commented. |
7 |
|
8 |
I put a nice long ewarn into the ebuild saying exactly what has changed. I'm |
9 |
also going to include a prominent notice in the GLSA. |
10 |
|
11 |
Changing it back is just a matter of chmod u+s |
12 |
on /usr/sbin/smbumount, /usr/bin/smbmnt and /usr/bin/mount.cifs . |
13 |
|
14 |
> It seems to me that making smbmounts root |
15 |
> only will suit only a few installations. i.e., how would different |
16 |
> users logging into a system mount their smb shares - call a sysadmin |
17 |
> every morning when they arrive at work and boot up their workstation? |
18 |
|
19 |
I know, I feel your pain here -- I'm just not sure what else we can do right |
20 |
now. :-/ |
21 |
|
22 |
If there are a few specific shares that users need to mount, you can always |
23 |
add them to /etc/fstab, I suppose. The real danger with this bug is mounting |
24 |
arbitrary shares that aren't controlled by the sysadmin; shares which could |
25 |
have setuid-root binaries on them. |
26 |
|
27 |
> Also, would their be any effect on printers and other samba services? |
28 |
|
29 |
To the best of my knowledge, no. The only thing that is being affected is the |
30 |
ability of normal users to mount remote Samba shares. |
31 |
|
32 |
- ----------------------------------------- |
33 |
Joshua J. Berry |
34 |
|
35 |
"I haven't lost my mind -- it's backed up on tape somewhere." |
36 |
-- /usr/games/fortune |
37 |
|
38 |
NOTE: Please do not submit this email address to any mailing |
39 |
lists or websites without prior permission. Thank you. |
40 |
-----BEGIN PGP SIGNATURE----- |
41 |
Version: GnuPG v1.2.4 (GNU/Linux) |
42 |
|
43 |
iD8DBQFAe1JsaIxeYlQMsxsRAlBmAKCctEQAyTV2D4uwheQYP7vVKo9RPgCeNeYL |
44 |
AB+HqAhIjuFStiFbaO/XMv0= |
45 |
=OdnM |
46 |
-----END PGP SIGNATURE----- |
47 |
|
48 |
-- |
49 |
gentoo-security@g.o mailing list |