~stefanor/ubuntu/lucid/samba/ntlm-auth-623342

« back to all changes in this revision

Viewing changes to debian/patches/security-CVE-2010-0728.patch

Committer: Bazaar Package Importer
Author(s): Chuck Short
Date: 2010-03-19 21:17:40 UTC
mfrom: (0.27.11 upstream) (0.34.7 sid)
Revision ID: james.westby@ubuntu.com-20100319211740-gicih0sczyw0x1iv

Tags: 2:3.4.7~dfsg-1ubuntu1

https://launchpad.net/bugs/493565

https://launchpad.net/bugs/182572

https://launchpad.net/bugs/24741

https://launchpad.net/bugs/529290

https://launchpad.net/bugs/507374

* Merge from debian testing.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control:
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apport hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported from Samba 3.5.x (LP: #182572)
  + debian/samba.postinst: Avoid scary pdbedit warnings on first import. (LP: #24741)
  + debian/samba.logrotate: Make it upstart compatible (LP: #529290)
  + debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)
  + Dropped:
    debian/patches/debian/patches/security-CVE-2010-0728.patch: Included upstream.

files added:
debian/winbind.pam-config

files removed:
.pc/security-CVE-2010-0728.patch

.pc/security-CVE-2010-0728.patch/source3

.pc/security-CVE-2010-0728.patch/source3/include

.pc/security-CVE-2010-0728.patch/source3/include/smb.h

.pc/security-CVE-2010-0728.patch/source3/lib

.pc/security-CVE-2010-0728.patch/source3/lib/system.c

.pc/security-CVE-2010-0728.patch/source3/smbd

.pc/security-CVE-2010-0728.patch/source3/smbd/server.c

debian/patches/security-CVE-2010-0728.patch

files modified:
.pc/VERSION.patch/source3/VERSION

.pc/applied-patches

.pc/no-unnecessary-cups.patch/source3/smbd/server.c

WHATSNEW.txt

debian/changelog

debian/control

debian/patches/series

debian/rules

debian/winbind.files

packaging/RHEL-CTDB/samba.spec

packaging/RHEL/makerpms.sh

packaging/RHEL/samba.spec

source3/VERSION

source3/include/version.h

Show diffs side-by-side

added added

removed removed

debian/patches/security-CVE-2010-0728.patch

Description: fix permission bypass via incorrect CAP_DAC_OVERRIDE handling.

Origin: upstream, pulled from 3.4.7

diff -Nur samba-3.4.6~dfsg/source3/include/smb.h samba-3.4.6~dfsg.new/source3/include/smb.h

--- samba-3.4.6~dfsg/source3/include/smb.h 2010-02-23 04:35:42.000000000 -0500

+++ samba-3.4.6~dfsg.new/source3/include/smb.h 2010-03-08 17:50:44.000000000 -0500

@@ -1690,8 +1690,7 @@

enum smbd_capability {

KERNEL_OPLOCK_CAPABILITY,

DMAPI_ACCESS_CAPABILITY,

- LEASE_CAPABILITY,

- KILL_CAPABILITY

+ LEASE_CAPABILITY

};

diff -Nur samba-3.4.6~dfsg/source3/lib/system.c samba-3.4.6~dfsg.new/source3/lib/system.c

--- samba-3.4.6~dfsg/source3/lib/system.c 2010-02-23 04:35:42.000000000 -0500

+++ samba-3.4.6~dfsg.new/source3/lib/system.c 2010-03-08 17:50:44.000000000 -0500

@@ -592,11 +592,6 @@

#if defined(HAVE_POSIX_CAPABILITIES)

-/* This define hasn't made it into the glibc capabilities header yet. */

-#ifndef SECURE_NO_SETUID_FIXUP

-#define SECURE_NO_SETUID_FIXUP 2

-#endif

/**************************************************************************

Try and abstract process capabilities (for systems that have them).

****************************************************************************/

@@ -627,32 +622,6 @@

}

#endif

-#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)

- /* New way of setting capabilities as "sticky". */

- /*

- * Use PR_SET_SECUREBITS to prevent setresuid()

- * atomically dropping effective capabilities on

- * uid change. Only available in Linux kernels

- * 2.6.26 and above.

- *

- * See here:

- * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html

- * for details.

- *

- * Specifically the CAP_KILL capability we need

- * to allow Linux threads under different euids

- * to send signals to each other.

- */

- if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {

- DEBUG(0,("set_process_capability: "

- "prctl PR_SET_SECUREBITS failed with error %s\n",

- strerror(errno) ));

- return false;

- }

-#endif

cap = cap_get_proc();

if (cap == NULL) {

DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",

@@ -681,11 +650,6 @@

cap_vals[num_cap_vals++] = CAP_LEASE;

#endif

break;

- case KILL_CAPABILITY:

-#ifdef CAP_KILL

- cap_vals[num_cap_vals++] = CAP_KILL;

-#endif

- break;

}

SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals));

@@ -695,37 +659,16 @@

return True;

}

- /*

- * Ensure the capability is effective. We assume that as a root

- * process it's always permitted.

- */

- if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,

- enable ? CAP_SET : CAP_CLEAR) == -1) {

- DEBUG(0, ("set_process_capability: cap_set_flag effective "

- "failed (%d): %s\n",

- (int)capability,

- strerror(errno)));

- cap_free(cap);

- return false;

- }

+ cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,

+ enable ? CAP_SET : CAP_CLEAR);

/* We never want to pass capabilities down to our children, so make

* sure they are not inherited.

100

101

- if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,

102

- cap_vals, CAP_CLEAR) == -1) {

103

- DEBUG(0, ("set_process_capability: cap_set_flag inheritable "

104

- "failed (%d): %s\n",

105

- (int)capability,

106

- strerror(errno)));

107

- cap_free(cap);

108

- return false;

109

- }

110

+ cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);

111

112

if (cap_set_proc(cap) == -1) {

113

- DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n",

114

- (int)capability,

115

+ DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n",

116

strerror(errno)));

117

cap_free(cap);

118

return False;

119

diff -Nur samba-3.4.6~dfsg/source3/smbd/server.c samba-3.4.6~dfsg.new/source3/smbd/server.c

120

--- samba-3.4.6~dfsg/source3/smbd/server.c 2010-03-08 17:50:34.000000000 -0500

121

+++ samba-3.4.6~dfsg.new/source3/smbd/server.c 2010-03-08 17:50:44.000000000 -0500

122

@@ -1031,14 +1031,6 @@

123

gain_root_privilege();

124

gain_root_group_privilege();

125

126

- /*

127

- * Ensure we have CAP_KILL capability set on Linux,

128

- * where we need this to communicate with threads.

129

- * This is inherited by new threads, but not by new

130

- * processes across exec().

131

- */

132

- set_effective_capability(KILL_CAPABILITY);

133

134

fault_setup((void (*)(void *))exit_server_fault);

135

dump_core_setup("smbd");

136

Older »