I'm surprised there haven't been any mails here about this yet. As far as I know, this affects any Debian installation that uses Linux 2.6. If I understand the issue correctly, both Linux 2.6 and Samba 3.0 support CIFS extensions for Unix, which means that an executable can retain its suid status when smbmounted -- if it's suid on the server, it's suid on the client too. Following the instructions on the original report to gain root on a vulnerable system (the client) is quite easy.
http://www.securityfocus.com/archive/1/353217/2004-02-07/2004-02-13/1 (note that the report involves two systems - one server and one client) On a temporary basis, this problem can be easily mitigated: # chmod u-s `which smbmnt` ...but this prevents regular users from smbmounting. There's a patch in the original advisory, but that hasn't seen any attention yet on the lkml. So, I'm wondering: what is the proper way to fix this? Thanks, Corey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
