This in from Roger Leigh:

22:07 < rleigh> madduck: Re davfs2: Check src/webdav.c, line 480. Looks like executable perms are enforced, but I may be wrong (I don't know the interrelationship of libneon and CODA and davfs). auth(), line 145 also looks suspect. Generally, the code has a FIXMEs, and it looks like it is responsible for handling VFS operations. If this is correct, it's not doing a very good job.
22:11 < rleigh> (chmod is blank!)
22:18 < rleigh> madduck: I'll review it some more (I've just found the mount option handling), but IMHO it's broken.
23:15 < rleigh> madduck: Just for the record: the only trace of uid/gid/mode handling is in src/util.c, dav_(set|get)_fstat_default(). This is used by src/davfsd.c in set_mkdir_attr and coda_open (via src/webdav.c in dav_stat()). The upshot is the uid/gid are set to those provided. The mode handling looks like it might be suspect, and I don't see any permissions checking [perhaps it's supposed to be in kernelspace]. I also saw at least one leak.
-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

"perhaps debian is concerned more about technical excellence rather
than ease of use by breaking software. in the former we may excel.
in the latter we have to concede the field to microsoft. guess
where i want to go today?"
                                                 -- manoj srivastava