The branch, v3-4-test has been updated via cf67945... WHATSNEW: Start release notes for Samba 3.4.8. via 16f92f7... VERSION: Raise version number up to 3.4.8. via b6311ea... Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write." via da0da47... WHATSNEW: Prepare release notes for Samba 3.4.7. from f94a377... mount.cifs: don't allow it to be run as setuid root program
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log ----------------------------------------------------------------- commit cf679452b32de243cea61349f93e661f61ba4988 Author: Karolin Seeger <ksee...@samba.org> Date: Tue Mar 9 10:42:40 2010 +0100 WHATSNEW: Start release notes for Samba 3.4.8. Karolin commit 16f92f795d8403988919f0890445acffa249e29a Author: Karolin Seeger <ksee...@samba.org> Date: Tue Mar 9 10:39:40 2010 +0100 VERSION: Raise version number up to 3.4.8. Karolin commit b6311eaa51d8dc3d96164d88cec5735052ba19a2 Author: Karolin Seeger <ksee...@samba.org> Date: Mon Mar 8 20:53:38 2010 +0100 Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write." This reverts commit c81c109a6ce83741bb5149a51ceb4ab30855e9f9. This fixes bug #7222 (All users have full rigths on all shares)(CVE-2010-0728). (cherry picked from commit 49fc62cc5d8bcb2ef246fa6505c99071b406c413) commit da0da473dd0d397236836c177c97d2f98853f1a3 Author: Karolin Seeger <ksee...@samba.org> Date: Mon Mar 8 20:52:56 2010 +0100 WHATSNEW: Prepare release notes for Samba 3.4.7. Karolin (cherry picked from commit bdad63514f345a10774dade1746072312ed140c1) ----------------------------------------------------------------------- Summary of changes: WHATSNEW.txt | 64 ++++++++++++++++++++++++++++++++++++++++++------ source3/VERSION | 2 +- source3/include/smb.h | 3 +- source3/lib/system.c | 65 +++---------------------------------------------- source3/smbd/server.c | 8 ------ 5 files changed, 62 insertions(+), 80 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 28f1812..9a61578 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,23 +1,21 @@ ============================= - Release Notes for Samba 3.4.7 - , 2010 + Release Notes for Samba 3.4.8 + , 2010 ============================= This is the latest stable release of Samba 3.4. -Major enhancements in Samba 3.4.7 include: +Major enhancements in Samba 3.4.6 include: - o +o -###################################################################### -Changes -####### -Changes since 3.4.6 +Changes since 3.4.7 ------------------- +o ###################################################################### @@ -44,6 +42,56 @@ Release notes for older versions follow: ---------------------------------------- ============================= + Release Notes for Samba 3.4.7 + March 8, 2010 + ============================= + + +This is a security release in order to address CVE-2010-0728. + + +o CVE-2010-0728: + In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code + was added to fix a problem with Linux asynchronous IO handling. + This code introduced a bad security flaw on Linux platforms if the + binaries were built on Linux platforms with libcap support. + The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE + capabilities, allowing all file system access to be allowed + even when permissions should have denied access. + + +Changes since 3.4.6 +------------------- + + +o Jeremy Allison <j...@samba.org> + * BUG 7222: Fix for CVE-2010-0728. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= Release Notes for Samba 3.4.6 February 24, 2010 ============================= diff --git a/source3/VERSION b/source3/VERSION index 261187f..a3634e6 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=4 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 ######################################################## # Bug fix releases use a letter for the patch revision # diff --git a/source3/include/smb.h b/source3/include/smb.h index 29c614b..2a3c455 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1690,8 +1690,7 @@ minimum length == 24. enum smbd_capability { KERNEL_OPLOCK_CAPABILITY, DMAPI_ACCESS_CAPABILITY, - LEASE_CAPABILITY, - KILL_CAPABILITY + LEASE_CAPABILITY }; /* diff --git a/source3/lib/system.c b/source3/lib/system.c index 6349af5..e815766 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -592,11 +592,6 @@ char *sys_getwd(char *s) #if defined(HAVE_POSIX_CAPABILITIES) -/* This define hasn't made it into the glibc capabilities header yet. */ -#ifndef SECURE_NO_SETUID_FIXUP -#define SECURE_NO_SETUID_FIXUP 2 -#endif - /************************************************************************** Try and abstract process capabilities (for systems that have them). ****************************************************************************/ @@ -627,32 +622,6 @@ static bool set_process_capability(enum smbd_capability capability, } #endif -#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP) - /* New way of setting capabilities as "sticky". */ - - /* - * Use PR_SET_SECUREBITS to prevent setresuid() - * atomically dropping effective capabilities on - * uid change. Only available in Linux kernels - * 2.6.26 and above. - * - * See here: - * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html - * for details. - * - * Specifically the CAP_KILL capability we need - * to allow Linux threads under different euids - * to send signals to each other. - */ - - if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) { - DEBUG(0,("set_process_capability: " - "prctl PR_SET_SECUREBITS failed with error %s\n", - strerror(errno) )); - return false; - } -#endif - cap = cap_get_proc(); if (cap == NULL) { DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n", @@ -681,11 +650,6 @@ static bool set_process_capability(enum smbd_capability capability, cap_vals[num_cap_vals++] = CAP_LEASE; #endif break; - case KILL_CAPABILITY: -#ifdef CAP_KILL - cap_vals[num_cap_vals++] = CAP_KILL; -#endif - break; } SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals)); @@ -695,37 +659,16 @@ static bool set_process_capability(enum smbd_capability capability, return True; } - /* - * Ensure the capability is effective. We assume that as a root - * process it's always permitted. - */ - - if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, - enable ? CAP_SET : CAP_CLEAR) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag effective " - "failed (%d): %s\n", - (int)capability, - strerror(errno))); - cap_free(cap); - return false; - } + cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, + enable ? CAP_SET : CAP_CLEAR); /* We never want to pass capabilities down to our children, so make * sure they are not inherited. */ - if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, - cap_vals, CAP_CLEAR) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag inheritable " - "failed (%d): %s\n", - (int)capability, - strerror(errno))); - cap_free(cap); - return false; - } + cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR); if (cap_set_proc(cap) == -1) { - DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n", - (int)capability, + DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n", strerror(errno))); cap_free(cap); return False; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 25571a9..2c5ce40 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1027,14 +1027,6 @@ extern void build_options(bool screen); gain_root_privilege(); gain_root_group_privilege(); - /* - * Ensure we have CAP_KILL capability set on Linux, - * where we need this to communicate with threads. - * This is inherited by new threads, but not by new - * processes across exec(). - */ - set_effective_capability(KILL_CAPABILITY); - fault_setup((void (*)(void *))exit_server_fault); dump_core_setup("smbd"); -- Samba Shared Repository