
Bug#310982: plan to include in sarge 2.4 update



On Wed, Nov 15, 2006 at 05:54:52PM -0700, dann frazier wrote:
> On Mon, Nov 13, 2006 at 12:22:59PM -0800, Steve Langasek wrote:
> > Yes, because this is a kernel security bug.  The smbmount patch was
> > entertained pre-sarge only as a stopgap due to the proximity to release; the
> > right place to fix this is still in the kernel (upstream as appropriate).
> 
> I've done some testing and verified that 2.6.18 honors uid= and 2.6.8
> does not. It looks like this was fixed upstream:
>   http://linux.bkbits.net:8080/linux-2.6/cset@41752f820crlhkG3FzR1EMmg1OxskA?nav=index.html|src/|src/fs|src/fs/smbfs|related/fs/smbfs/inode.c
> 
> So, I plan to use this patch for 2.6.8, and attempt to backport it to
> 2.4.27. If backporting becomes overly complicated/risky, I'll revert
> to using something like Horms' patch. I'll also see about getting a
> CVE assigned.
> 
> Everyone cool with this plan?

Ack

-- 
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/



