Bug#310982: plan to include in sarge 2.4 update
On Wed, Nov 15, 2006 at 05:54:52PM -0700, dann frazier wrote:
> On Mon, Nov 13, 2006 at 12:22:59PM -0800, Steve Langasek wrote:
> > Yes, because this is a kernel security bug. The smbmount patch was
> > entertained pre-sarge only as a stopgap due to the proximity to release; the
> > right place to fix this is still in the kernel (upstream as appropriate).
>
> I've done some testing and verified that 2.6.18 honors uid= and 2.6.8
> does not. It looks like this was fixed upstream:
> http://linux.bkbits.net:8080/linux-2.6/cset@41752f820crlhkG3FzR1EMmg1OxskA?nav=index.html|src/|src/fs|src/fs/smbfs|related/fs/smbfs/inode.c
>
> So, I plan to use this patch for 2.6.8, and attempt to backport it to
> 2.4.27. If backporting becomes overly complicated/risky, I'll revert
> to using something like Horms' patch. I'll also see about getting a
> CVE assigned.
>
> Everyone cool with this plan?
Ack
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
Reply to: