Package: smbfs Version: 3.0.14a-1 Severity: serious Justification: break security on upgrade
Hello Debian samba maintainers, smbmount does not honour the uid and gid option with the sarge 2.4 kernel when the server has 'unix extensions' enabled. The security problem is that 'unix extension' are not enabled with woody samba server but are enabled by the upgrade to sarge (since this is the default). At this point the bug in smbmount on the samba client allow users on the client to access the samba share with the same permission they would have on the server disregarding the uid/gid option passed to smbmount. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27-2-386 Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
