[Pkg-samba-maint] Bug#568942: Bug#568942: samba: mtab corruption via malicious crafted string

[Moritz Muehlenhoff]

On Sun, Feb 14, 2010 at 07:12:37AM +0100, Christian PERRIER wrote:
> Quoting Steve Langasek (vorlon at debian.org):
> 
> Thanks for helping out on that issue. It was very clearly going beyond
> my skills and knowledge. This is why we have a team..:-)
> 
> > The tarball attached to your earlier mail includes a number of patches that
> > are not related to bug #6853, and which have not been posted to bug #6853.
> > Where did you get this tarball?
> 
> https://bugzilla.samba.org/show_bug.cgi?id=6853#c13
> 
> Indeed that bug report is quite messy and really mixes many things
> together, hence /me being puzzled.
> 
> > In particular, the patches
> > 0001-Revert-cifs-mount-did-not-properly-display-version-s.patch,
> > 0002-s3-mount.cifs-make-mount.cifs-V-print-the-version-no.patch, and
> > 0003-mount.cifs-directly-include-sys-stat.h-in-mtab.c.patch are unrelated to
> > either of the identified security issues and should not be applied to
> > stable; and 0004-mount.cifs-properly-check-for-mount-being-in-fstab-w.patch
> > and 0007-mount.cifs-don-t-allow-it-to-be-run-as-setuid-root-p.patch
> > deliberately change the behavior of mount.cifs with the rationale that
> > allowing users to mount shares on directories they own, or shipping
> > mount.cifs suid-root, is not "safe", which is upstream backpedalling on
> > previous design decisions and not related to either of the CVEs.
> > 
> > The only patches that are relevant for stable are
> > 0005-mount.cifs-take-extra-care-that-mountpoint-isn-t-cha.patch and
> > 0006-mount.cifs-check-for-invalid-characters-in-device-na.patch,
> > corresponding to CVE-2009-3297 and CVE-2010-0547 respectively.  I've applied
> > these to the lenny package and will be uploading to the lenny security queue
> > shortly.
> 
> 
> Ack. THanks for your time and work on this hairy issue.

Fair enough, I'll leave this to the maintainer's judgement and process this
update.

Cheers,
        Moritz