On Sun, 2005-05-29 at 01:44 -0700, Steve Langasek wrote: > On Sat, May 28, 2005 at 11:45:23PM +0200, Bill Allombert wrote: > > On Sat, May 28, 2005 at 02:07:04PM -0700, Steve Langasek wrote: > > > On Sat, May 28, 2005 at 06:39:28PM +0200, Bill Allombert wrote: > > > > On Fri, May 27, 2005 at 12:20:49PM -0700, Steve Langasek wrote: > > > > > On Sat, May 28, 2005 at 05:17:39AM +1000, Andrew Bartlett wrote: > > > > > Yeah, on second look I see that it can be done in smbmount, and this would > > > > > be a far more expedient fix. > > > > > You mean something like the patch below ? > > > > (Not tested yet, want to be sure this is the idea) > > > > I would've uploaded such a fix already, but upstream objects to this because > > > doing this in userspace instead of in the kernel means losing the other > > > features of CAP_UNIX -- which are, uh, symlinks and pipes, basically. I'm > > > not really convinced that symlinks and pipes are important enough for people > > > who are using existing mounts with uid or gid smashing to warrant shipping > > > I am obviously biased since I spend a whole night trying to track down this > > problem, but I think that people interested in CAP_UNIX will have moved > > to kernel 2.6 and cifs. At that point it seems unlikely that kernel 2.4 > > will be ever fixed, in Debian or in mainline. > > > It is a very nasty security problem: The server can change the security > > model of the client by enabling unix capability ! This can be used to > > compromise the client if the server is compromised. > > Yes, I certainly agree that it's bad, and I'm really leaning towards the > position that the security implications for users upgrading from woody > outweigh upstream's desire for the other features to Just Work. Even > *those* are a behavior change, and arguably not an automatic win for all > users. > > > One option would be to check if the host run a 2.4 kernel or a 2.6 kernel > > and only apply the correction for 2.4 kernel. (It is my understanding > > that 2.6 kernels do not have this problem, though I did not try); > > Well, most people using 2.6 kernels are likely to be using cifs instead of > smbfs anyway (due to smbfs's general bitrot in 2.6 last I looked at it), so > I'm not sure that addresses upstream's objections. I suggest you raise this on the samba-technical list, to get a broader viewpoint of what 'upstream' might think. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
Attachment:
signature.asc
Description: This is a digitally signed message part