dann frazier wrote:
> On Mon, Nov 13, 2006 at 12:22:59PM -0800, Steve Langasek wrote:
> > Yes, because this is a kernel security bug. The smbmount patch was
> > entertained pre-sarge only as a stopgap due to the proximity to release; the
> > right place to fix this is still in the kernel (upstream as appropriate).
>
> I've done some testing and verified that 2.6.18 honors uid= and 2.6.8
> does not. It looks like this was fixed upstream:
> http://linux.bkbits.net:8080/linux-2.6/[EMAIL
> PROTECTED]|src/|src/fs|src/fs/smbfs|related/fs/smbfs/inode.c
>
> So, I plan to use this patch for 2.6.8, and attempt to backport it to
> 2.4.27. If backporting becomes overly complicated/risky, I'll revert
> to using something like Horms' patch. I'll also see about getting a
> CVE assigned.
>
> Everyone cool with this plan?
Ok.
Regards,
Joey
--
If nothing changes, everything will remain the same. -- Barne's Law
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
