Quoting Michael Gilbert (michael.s.gilb...@gmail.com): > no, if you watch the video closely (also see [0]), you can see that they > have read access to pretty much any file on the system > (i.e. /etc/passwd) and write access to any location writable by the > account they connect under. > > > That's a bug, it should be fixed, but its impact isn't release-critical. > > it's your call, but i disagree.
In such case, I think we should let upstream do their job and investigate/discuss the issue...which is what happened when Jeremy posted in sa...@lists.samba.org yesterday. So, imho, the bug report was a little bit premature(en?) as I think we've already confirmed that we follow upstream development closely enough. As of now, I understand that the planned fix is to disable wide links by default. In such case, I don't see much more action to have in Debian. Particularly, I'm unsure about fixing lenny.
signature.asc
Description: Digital signature