[Pkg-samba-maint] Bug#567554: Bug#567554: Privilege escalation in mount.cifs

Steve Langasek vorlon at debian.org
Mon Feb 1 07:57:41 UTC 2010


On Sun, Jan 31, 2010 at 01:09:22PM +0100, Christian PERRIER wrote:
> Quoting Moritz Muehlenhoff (jmm at debian.org):
> > Package: smbfs
> > Severity: grave
> > Tags: security
> > 
> > This is CVE-2009-3297:
> > https://bugzilla.samba.org/show_bug.cgi?id=6853
> > 
> > /usr/share/doc/smbfs/TODO.Debian states:
> >   There is concern about the setuid status of binaries in this package.
> >   The audit status of the concerned binaries is unclear.  We should
> >   figure out whether it is reasonable to provide the flexible user mount
> >   capabilities or whether a more restricted setup is better, at least by
> >   default.

> > Given that Jeremy Allison writes in the bug above you should probably
> > drop the setuid for Squeeze:

> My concern here is that it would definitely be a regression for users
> who rely on user mounting of CIFS volumes.

> A compromise could be a debconf question about adding the setuid bit
> to mount.cifs (with a default to False, of course).

> Steve, your advice?

Upstream has been increasingly unsupportive of this configuration over time,
and given Jeremy's latest comments on this bug, I think the only reasonable
action here is to drop support for this in the package entirely and document
it in NEWS.Debian on upgrade.

(Users who must have this continue to work can use dpkg-statoverride to set
the suid bit; but I wouldn't even suggest that in NEWS.Debian, because users
shouldn't be encouraged to set programs suid when they're not meant to be
used that way.)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
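Added example, not part of the thread: a small POSIX sh audit for the setuid status of mount helpers, for an administrator checking what the discussion above leaves on a system (a helper the package no longer ships setuid, but that a local dpkg-statoverride may have made setuid again). The helper paths in the final call are assumptions; adjust them for the system being checked.

```shell
#!/bin/sh
# Added example (not code from the thread or the smbfs package): audit whether
# mount helpers such as mount.cifs carry the setuid bit, and whether a local
# dpkg-statoverride is responsible for it.

# Verdict for one path: missing | not-setuid | setuid-root | setuid-other
setuid_status() {
    path="$1"
    [ -e "$path" ] || { echo "missing"; return 0; }
    if [ ! -u "$path" ]; then
        echo "not-setuid"
    # find -prune on the path itself tests ownership and the 4000 bit in one go
    elif [ -n "$(find "$path" -prune -user root -perm -4000 -print 2>/dev/null)" ]; then
        echo "setuid-root"
    else
        echo "setuid-other"   # setuid to a non-root owner: unusual, worth a look
    fi
}

# Any local dpkg-statoverride entry for the path (Debian only; "none" elsewhere).
# dpkg-statoverride --list exits non-zero when no override matches.
statoverride_for() {
    path="$1"
    if command -v dpkg-statoverride >/dev/null 2>&1; then
        dpkg-statoverride --list "$path" 2>/dev/null || echo "none"
    else
        echo "none"
    fi
}

# One report line per helper: path, setuid verdict, override entry.
audit_mount_helpers() {
    for p in "$@"; do
        printf '%s\t%s\toverride: %s\n' "$p" "$(setuid_status "$p")" "$(statoverride_for "$p")"
    done
}

# Assumed helper paths; on a system without these binaries each prints "missing".
audit_mount_helpers /sbin/mount.cifs /sbin/umount.cifs
```

A "setuid-root" verdict with a matching override line points at a local dpkg-statoverride that re-enabled user mounting, rather than at the package itself.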