[Pkg-samba-maint] Bug#424629: security upgrade broke permissions check.

Christian Perrier bubulle at debian.org
Sat May 19 17:28:31 UTC 2007 

> The samba team just sent me the attached patch which supposedly fixes
> #424629 for 3.0.24-6etch1 (in short, it fixes that RC bug in etch's
> samba).


OK, I succeeded building a test case.

On an etch samba server running 3.0.24-6etch1, as this to smb.conf:

[test]
   comment =  Test
   path=/var/tmp/test
   create mode = 0664
   directory mode = 2775
   force group = foo
   valid users = @users

In /var/tmp/test, create a directory named "bar":

bubulle at kheops:~/src/debian/samba$ ls -l /var/tmp/test
total 8592
drwxrwx---  2 root    users       4096 2007-05-19 14:07 bar

Notice the directory belongs to "users" and 770 permissions

Connect to this with a user who's member of "users":

bubulle at kheops:~/src/debian/samba$ smbclient //kheops/test -U bubulle
Password:
Domain=[MAISON] OS=[Unix] Server=[Samba 3.0.24]
smb: \> cd foo
smb: \foo\> dir
NT_STATUS_ACCESS_DENIED listing \foo\*

                37547 blocks of size 262144. 9849 blocks available


As "bubulle" is member of "users", he should be able to list the
directory.

With 3.0.24-6etch2 I just built with the attached patch:


bubulle at kheops:~/src/debian/samba$ smbclient //kheops/www -U bubulle
Password:
Domain=[MAISON] OS=[Unix] Server=[Samba 3.0.24]
smb: \> cd foo
smb: \foo\> dir
  .                                   D        0  Sat May 19 14:07:56 2007
  ..                                  D        0  Sat May 19 14:07:56 2007

                37547 blocks of size 262144. 9849 blocks available


So, in short, we should update the version in etch with this patch.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 424629.patch
Type: text/x-diff
Size: 3258 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20070519/1e2afa15/attachment.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20070519/1e2afa15/attachment.pgp

More information about the Pkg-samba-maint mailing list