

Viewing changes to source3/lib/system.c

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-03-08 17:50:57 UTC
  • Revision ID: james.westby@ubuntu.com-20100308175057-z5ao2e65nqgiovbn
Tags: 2:3.4.6~dfsg-1ubuntu2
* SECURITY UPDATE: permission bypass via incorrect CAP_DAC_OVERRIDE
  handling.
  - debian/patches/security-CVE-2010-0728.patch: fix capability handling
    in source3/{include/smb.h,lib/system.c,smbd/server.c}.
  - CVE-2010-0728
* Removed patches:
  - debian/patches/debian-changes-2:3.4.5~dfsg-2ubuntu2: merge error
  - debian/patches/debian-changes-2:3.4.6~dfsg-1ubuntu1: merge error

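--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -592,6 +592,11 @@
 
 #if defined(HAVE_POSIX_CAPABILITIES)
 
+/* This define hasn't made it into the glibc capabilities header yet. */
+#ifndef SECURE_NO_SETUID_FIXUP
+#define SECURE_NO_SETUID_FIXUP          2
+#endif
+
 /**************************************************************************
  Try and abstract process capabilities (for systems that have them).
 ****************************************************************************/
@@ -622,6 +627,32 @@
         }
 #endif
 
+#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)
+        /* New way of setting capabilities as "sticky". */
+
+        /*
+         * Use PR_SET_SECUREBITS to prevent setresuid()
+         * atomically dropping effective capabilities on
+         * uid change. Only available in Linux kernels
+         * 2.6.26 and above.
+         *
+         * See here:
+         * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
+         * for details.
+         *
+         * Specifically the CAP_KILL capability we need
+         * to allow Linux threads under different euids
+         * to send signals to each other.
+         */
+
+        if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
+                DEBUG(0,("set_process_capability: "
+                        "prctl PR_SET_SECUREBITS failed with error %s\n",
+                        strerror(errno) ));
+                return false;
+        }
+#endif
+
         cap = cap_get_proc();
         if (cap == NULL) {
                 DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
@@ -650,6 +681,11 @@
                         cap_vals[num_cap_vals++] = CAP_LEASE;
 #endif
                         break;
+                case KILL_CAPABILITY:
+#ifdef CAP_KILL
+                        cap_vals[num_cap_vals++] = CAP_KILL;
+#endif
+                        break;
         }
 
         SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals));
@@ -659,16 +695,37 @@
                 return True;
         }
 
+        /*
+         * Ensure the capability is effective. We assume that as a root
+         * process it's always permitted.
+         */
+
+        if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+                        enable ? CAP_SET : CAP_CLEAR) == -1) {
+                DEBUG(0, ("set_process_capability: cap_set_flag effective "
+                        "failed (%d): %s\n",
+                        (int)capability,
+                        strerror(errno)));
+                cap_free(cap);
+                return false;
+        }
-        cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
-                enable ? CAP_SET : CAP_CLEAR);
 
         /* We never want to pass capabilities down to our children, so make
          * sure they are not inherited.
          */
+        if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
+                        cap_vals, CAP_CLEAR) == -1) {
+                DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
+                        "failed (%d): %s\n",
+                        (int)capability,
+                        strerror(errno)));
+                cap_free(cap);
+                return false;
+        }
-        cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
 
         if (cap_set_proc(cap) == -1) {
+                DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n",
+                        (int)capability,
-                DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n",
                         strerror(errno)));
                 cap_free(cap);
                 return False;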
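Review bot: The cap_set_proc() failure path at new lines 727-728 logs `cap_set_flag (%d) failed`, the message copied from the two cap_set_flag checks above it, while the line it replaced correctly named cap_set_proc, so the log now points a reader at the wrong call; suggested: `DEBUG(0, ("set_process_capability: cap_set_proc (%d) failed: %s\n",`. The new return-value checks are the important part of this hunk: once PR_SET_SECUREBITS with SECURE_NO_SETUID_FIXUP is set (new line 648) the kernel no longer clears effective capabilities on a uid change, so the explicit CAP_CLEAR at new lines 703-704 is what removes an effective capability such as CAP_DAC_OVERRIDE, and a failure there must not be ignored the way the removed unchecked calls did. A minor style point: the added code returns `false` while the surrounding function returns `True`/`False`. set_process_capability() begins before this hunk and its body continues past the last line shown.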