On Wed, 01 Feb 2006 07:34:51 +1100 Andrew Bartlett <[EMAIL PROTECTED]> wrote: > On Tue, 2006-01-31 at 09:32 -0600, Gerald (Jerry) Carter wrote: > > imacat wrote: > > >> No, I think we need to avoid smbmnt getting these defines. > > >> This is a setuid app, and I'm worried by how socket wrapper > > >> (and the environment variable based changes in behaviour) > > >> would interact, in a security sense. > > > Oh. Thank you for reminding me this. This is *really* > > > a serious security issue. I've recompiled all my samba > > > without socket_wrapper. Thanks again for pointing out this. > > No its not a security issue. The socket wrapper stuff is for > > development testing only. There is no production value in it. > I think the correct phrasing is that imacat's proposed fix would create > a serious security issue on machines compiled with the socket wrapper > code, and mistakenly deployed in production. That is why I said it was > an incorrect fix.
Yes, I think I did not misunderstand Andrew's words.
> The correct fix (for the build issue) is not to have smbmnt built with
> those defines in place, so we link correctly.
Maybe the correct fix is to provide a working test suite? I feel
unconmfortable without a successful test result, if I have to say so. I
have very bad experiences which I forced the installation with test
failures and resulted in unrecoverable disaster.
Anyway, I'm not pushing anyone on this issue. I know everybody is
working hard. ^^;
--
Best regards,
imacat ^_*' <[EMAIL PROTECTED]>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
pgpdjB4FzjCOw.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
