From: Jeremy Allison on 8 Mar 2010 17:10 Security problem with Samba on Linux ------------------------------------ In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a severe security flaw which was undetected until now. We are releasing new binaries and fixed source code as release numbers: 3.5.1, 3.4.7 and 3.3.12 with this fix included. This will be the only fix included in these release numbers. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access. Please note this security problem does not affect any platform that does not support capabilities and platforms where binaries were built without libcap support. Also note that 3.4.5 and prior 3.4.x versions and 3.3.10 and prior 3.3.x versions are NOT affected. How did this happen ? --------------------- Our testing procedures failed. Errors in code always happen, and we guard against them by writing tests which we run against the code continuously. As Samba runs as a root process, many of our test environments run under a build farm "shim" that allows people to test Samba without granting it root privilege. Unfortunately, this means that some of the tests cannot be run correctly. This is the "make test" that developers run frequently. Extra tests are run as root to detect these areas, but are not run as often as the normal "make test" that the developers run. This problem affects only binaries compiled with capabilities support. The libcap development packages need to be installed at build time for samba to be vulnerable. Unfortunately, although most developers do have the package, it was absent on the machines used to do pre-release validation, causing the flawed code not to be compiled into the tested binary. None of our third party testers or partners discovered this flaw before release. How are we intending to fix this ? ---------------------------------- We will be fixing "make test" so it can be run as root for all the developers to regularly test with elevated privilege. In addition we will be adding extra tests to check for this specific issue, to ensure we do not ever release with such a regression again. As this was such a serious flaw, we will not be doing any further Samba 3.x releases other than the security fix until these tests are in place. Please accept our apologies for such a serious error, and our assurances that we will do everything within our power to ensure this will not happen again. With our most sincere regrets, The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: error today [SOLVED] Next: [Samba] New Domain Controler (PDC) and Windows Profiles |