Security problem with Samba on Linux
------------------------------------

In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
was added to fix a problem with Linux asynchronous IO handling.
This code introduced a severe security flaw which was undetected until
now.

We are releasing new binaries and fixed source code as release numbers:
3.5.1, 3.4.7 and 3.3.12 with this fix included. This will be the only
fix included in these release numbers.

The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
capabilities, allowing all file system access to be allowed
even when permissions should have denied access.

Please note this security problem does not affect any platform that does
not support capabilities and platforms where binaries were built without
libcap support.

Also note that 3.4.5 and prior 3.4.x versions and 3.3.10 and prior 3.3.x
versions are NOT affected.

How did this happen?
---------------------
.....
http://lists.samba.org/archive/samba-announce/2010/000211.html
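
A check for the condition the advisory describes, added here as an example (it is not part of the original post or of Samba's code): it reads the capability masks Linux exposes in /proc/<pid>/status and flags a process that holds CAP_DAC_OVERRIDE in its effective set while its filesystem UID is not root. The sample status excerpts are constructed, and using "non-root fsuid plus CAP_DAC_OVERRIDE" as the indicator is an assumption of this example; the advisory gives no detection method.

```python
import glob
import re

CAP_DAC_OVERRIDE = 1  # bit number defined in <linux/capability.h>

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_AFFECTED = ("Name:\tsmbd\nPid:\t4321\nUid:\t1000\t1000\t0\t1000\n"
                   "CapInh:\t0000000000000002\nCapPrm:\t0000000000000002\n"
                   "CapEff:\t0000000000000002\n")
SAMPLE_CLEAN = ("Name:\tsmbd\nPid:\t4322\nUid:\t1000\t1000\t0\t1000\n"
                "CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
                "CapEff:\t0000000000000000\n")


def parse_status(text):
    """Return (name, filesystem UID, capability masks) from status text."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))
    # Uid line order: real, effective, saved set, filesystem.
    # The kernel checks file permissions against the filesystem UID.
    fsuid = int(fields["Uid"].split()[3])
    caps = {k: int(fields[k], 16) for k in ("CapInh", "CapPrm", "CapEff")}
    return fields["Name"], fsuid, caps


def has_cap(mask, cap):
    """True if capability number `cap` is set in the hex mask."""
    return bool((mask >> cap) & 1)


def dac_override_exposed(text):
    """Assumed indicator: non-root fsuid with CAP_DAC_OVERRIDE effective."""
    _, fsuid, caps = parse_status(text)
    return fsuid != 0 and has_cap(caps["CapEff"], CAP_DAC_OVERRIDE)


def scan_live(name="smbd"):
    """Check running processes called `name`; returns {pid: exposed}."""
    results = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                text = fh.read()
            if parse_status(text)[0] == name:
                results[int(path.split("/")[2])] = dac_override_exposed(text)
        except (OSError, KeyError):
            continue  # process exited, unreadable, or fields missing
    return results
```

Run `scan_live()` while a client session is open, since an smbd process still running with a root filesystem UID holds full capabilities by design and is not flagged.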