Bug#310982: plan to include in sarge 2.4 update

To: dann frazier <dannf@debian.org>
Cc: Steve Langasek <vorlon@debian.org>, 310982@bugs.debian.org, Bill Allombert <allomber@math.u-bordeaux.fr>, Horms <horms@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, ballombe@debian.org, team@security.debian.org
Subject: Bug#310982: plan to include in sarge 2.4 update
From: Martin Schulze <joey@infodrom.org>
Date: Thu, 16 Nov 2006 09:12:58 +0100
Message-id: <[🔎] 20061116081257.GW18132@finlandia.home.infodrom.org>
Reply-to: Martin Schulze <joey@infodrom.org>, 310982@bugs.debian.org
In-reply-to: <[🔎] 20061116005451.GQ31374@colo>
References: <[🔎] 20061113042813.GK19049@colo> <[🔎] 20061113090951.GA13244@seventeen> <[🔎] 20061113162609.GD10411@colo> <[🔎] 20061113164956.GF13244@seventeen> <[🔎] 20061113202259.GF27636@borges.dodds.net> <[🔎] 20061116005451.GQ31374@colo>

dann frazier wrote:
> On Mon, Nov 13, 2006 at 12:22:59PM -0800, Steve Langasek wrote:
> > Yes, because this is a kernel security bug.  The smbmount patch was
> > entertained pre-sarge only as a stopgap due to the proximity to release; the
> > right place to fix this is still in the kernel (upstream as appropriate).
> 
> I've done some testing and verified that 2.6.18 honors uid= and 2.6.8
> does not. It looks like this was fixed upstream:
>   http://linux.bkbits.net:8080/linux-2.6/cset@41752f820crlhkG3FzR1EMmg1OxskA?nav=index.html|src/|src/fs|src/fs/smbfs|related/fs/smbfs/inode.c
> 
> So, I plan to use this patch for 2.6.8, and attempt to backport it to
> 2.4.27. If backporting becomes overly complicated/risky, I'll revert
> to using something like Horms' patch. I'll also see about getting a
> CVE assigned.
> 
> Everyone cool with this plan?

Ok.

Regards,

	Joey

-- 
If nothing changes, everything will remain the same.  -- Barne's Law

Please always Cc to me when replying to me on the lists.

Reply to:

References:
- Bug#310982: plan to include in sarge 2.4 update
  - From: dann frazier <dannf@debian.org>
- Bug#310982: plan to include in sarge 2.4 update
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>
- Bug#310982: plan to include in sarge 2.4 update
  - From: dann frazier <dannf@dannf.org>
- Bug#310982: plan to include in sarge 2.4 update
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>
- Bug#310982: plan to include in sarge 2.4 update
  - From: Steve Langasek <vorlon@debian.org>
- Bug#310982: plan to include in sarge 2.4 update
  - From: dann frazier <dannf@debian.org>

Prev by Date: Bug#310982: plan to include in sarge 2.4 update
Next by Date: Bug#310982: plan to include in sarge 2.4 update
Previous by thread: Bug#310982: plan to include in sarge 2.4 update
Next by thread: Bug#310982: plan to include in sarge 2.4 update
Index(es):
- Date
- Thread