| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Hi all -- |
| 5 |
|
| 6 |
Can someone who uses Samba please take a look at bugs 41800 and 45965? 41800 |
| 7 |
is a local-root vulnerability with smbmount/smbfs (it has an updated ebuild), |
| 8 |
and 45965 is a symlink vulnerability in smbprint (and it has the patch that |
| 9 |
goes with 41800). |
| 10 |
|
| 11 |
I'd like to make sure I got the smbprint patch right. |
| 12 |
|
| 13 |
Also, what are your reactions to making smbmount non-setuid (thus preventing |
| 14 |
normal users from mounting remote Samba filesystems)? Is there a better |
| 15 |
workaround/fix for this (other than patching the kernel)? I'd rather not |
| 16 |
tamper with existing functionality if I can help it. |
| 17 |
|
| 18 |
Thanks. |
| 19 |
|
| 20 |
- -- Josh |
| 21 |
|
| 22 |
- ----------------------------------------- |
| 23 |
Joshua J. Berry |
| 24 |
|
| 25 |
"I haven't lost my mind -- it's backed up on tape somewhere." |
| 26 |
-- /usr/games/fortune |
| 27 |
|
| 28 |
NOTE: Please do not submit this email address to any mailing |
| 29 |
lists or websites without prior permission. Thank you. |
| 30 |
-----BEGIN PGP SIGNATURE----- |
| 31 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 32 |
|
| 33 |
iD8DBQFAe0RYaIxeYlQMsxsRAu9RAJ4ly6bCUFLsAO9FN1DPhLpfTkzPmQCfc2sr |
| 34 |
PQVKIuIF+GuAWZ2TwjF8iVk= |
| 35 |
=0Rkb |
| 36 |
-----END PGP SIGNATURE----- |
| 37 |
|
| 38 |
-- |
| 39 |
gentoo-security@g.o mailing list |
Archives