[Pkg-samba-maint] Bug#425391: Patch/bug fix for CVE-2007-2447 breaks the use of ;
Arno van Amersfoort
a.c.j.van.amersfoort at eld.physics.leidenuniv.nl
Mon May 21 12:29:27 UTC 2007
Package: samba
Version: 3.0.14a-3sarge
After some debugging I discovered that a strange problem I experienced
was caused by the patched code added in Samba 3.0.14a-3sarge for
CVE-2007-2447 (Remote Command Injection Vulnerability). It is now no
longer possible to use the ";" character in options like "preexec = " &
"postexec =" causing the use of ie. (in my case) "root preexec = mkdir
-p /home/software/Recycle; chown root:admins /home/software/.Recycle" to
be executed as "root preexec = mkdir -p /home/software/Recycle chown
root:admins /home/software/.Recycle" (The semicolon disappears!).
As far as I can see now, it also breaks the use of (in my case) "passwd
program = /usr/bin/passwd %u; /usr/local/lib/yp_make.sh"
This new unexpected behaviour can possibly break a lot of setups! I
think the easiest solution is to add the ";" (and possibly also & and |)
to #define INCLUDE_LIST
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"
--
Ing. A.C.J. van Amersfoort (Arno)
Department Of Electronics (ELD, k1007)
Huygens Laboratory
Leiden University
P.O. Box 9504
Niels Bohrweg 2
2333 CA Leiden
The Netherlands
----------------------------------------------------------------
Phone : +31-(0)71-527.1894 Fax: +31-(0)71-527.5819
E-mail: a.c.j.van.amersfoort at eld.physics.leidenuniv.nl
----------------------------------------------------------------
Arno's (Linux firewall) homepage: http://rocky.eld.leidenuniv.nl
More information about the Pkg-samba-maint
mailing list