This in from Roger Leigh:
22:07 < rleigh> madduck: Re davfs2: Check src/webdav.c, line 480. Looks like
executable perms are enforced, but I may be wrong (I don't know the
interrelationship of libneon and CODA and dafvs). auth(), line 145
also looks suspect. Generally, the code has a FIXMEs, and it looks
like it is responsible for handling VFS operations. If this is
correct, it's not doing a very good job.
22:11 < rleigh> (chmod is blank!)
22:18 < rleigh> madduck: I'll review it some more (I've just found the mount
option handling), but IMHO it's broken.
23:15 < rleigh> madduck: Just for the record: the only trace of uid/gid/mode
handling is in src/util.c, dav_(set|get)_fstat_default(). This is
used by src/davfsd.c in set_mkdir_attr and coda_open (via
src/webdav.c in dav_stat()). The upshot is the uid/gid are set to
those provided. The mode handling looks like it might be suspect,
and I don't see any permissions checking [perhaps it's supposed to be
in kernelspace]. I also saw at least one leak.
--
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' : proud Debian developer, admin, user, and author
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
"perhaps debian is concerned more about technical excellence rather
than ease of use by breaking software. in the former we may excel.
in the latter we have to concede the field to microsoft. guess
where i want to go today?"
-- manoj srivastava
signature.asc
Description: Digital signature

