| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On Monday 12 April 2004 19:18, you wrote: |
| 5 |
> If you are going to do this, can you make sure it can easily be defeated |
| 6 |
> and is adequately commented. |
| 7 |
|
| 8 |
I put a nice long ewarn into the ebuild saying exactly what has changed. I'm |
| 9 |
also going to include a prominent notice in the GLSA. |
| 10 |
|
| 11 |
Changing it back is just a matter of chmod u+s |
| 12 |
on /usr/sbin/smbumount, /usr/bin/smbmnt and /usr/bin/mount.cifs . |
| 13 |
|
| 14 |
> It seems to me that making smbmounts root |
| 15 |
> only will suit only a few installations. i.e., how would different |
| 16 |
> users logging into a system mount their smb shares - call a sysadmin |
| 17 |
> every morning when they arrive at work and boot up their workstation? |
| 18 |
|
| 19 |
I know, I feel your pain here -- I'm just not sure what else we can do right |
| 20 |
now. :-/ |
| 21 |
|
| 22 |
If there are a few specific shares that users need to mount, you can always |
| 23 |
add them to /etc/fstab, I suppose. The real danger with this bug is mounting |
| 24 |
arbitrary shares that aren't controlled by the sysadmin; shares which could |
| 25 |
have setuid-root binaries on them. |
| 26 |
|
| 27 |
> Also, would their be any effect on printers and other samba services? |
| 28 |
|
| 29 |
To the best of my knowledge, no. The only thing that is being affected is the |
| 30 |
ability of normal users to mount remote Samba shares. |
| 31 |
|
| 32 |
- ----------------------------------------- |
| 33 |
Joshua J. Berry |
| 34 |
|
| 35 |
"I haven't lost my mind -- it's backed up on tape somewhere." |
| 36 |
-- /usr/games/fortune |
| 37 |
|
| 38 |
NOTE: Please do not submit this email address to any mailing |
| 39 |
lists or websites without prior permission. Thank you. |
| 40 |
-----BEGIN PGP SIGNATURE----- |
| 41 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 42 |
|
| 43 |
iD8DBQFAe1JsaIxeYlQMsxsRAlBmAKCctEQAyTV2D4uwheQYP7vVKo9RPgCeNeYL |
| 44 |
AB+HqAhIjuFStiFbaO/XMv0= |
| 45 |
=OdnM |
| 46 |
-----END PGP SIGNATURE----- |
| 47 |
|
| 48 |
-- |
| 49 |
gentoo-security@g.o mailing list |
Archives