Changeset 423

Timestamp:

Mar 9, 2010, 7:58:12 AM (15 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3.x to 3.3.12

Location:

branches/samba-3.3.x

Files:

• WHATSNEW.txt (modified) (2 diffs)
• packaging/RHEL-CTDB/samba.spec (modified) (1 diff)
• packaging/RHEL/makerpms.sh (modified) (1 diff)
• packaging/RHEL/samba.spec (modified) (1 diff)
• source/VERSION (modified) (1 diff)
• source/include/smb.h (modified) (1 diff)
• source/lib/system.c (modified) (4 diffs)
• source/smbd/server.c (modified) (1 diff)

branches/samba-3.3.x/WHATSNEW.txt

@@ +1 @@
+                   ==============================
+                   Release Notes for Samba 3.3.12
+                            March 8, 2010
+                   ==============================
+
+
+This is a security release in order to address CVE-2010-0728.
+
+
+o  CVE-2010-0728:
+   In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+   was added to fix a problem with Linux asynchronous IO handling.
+   This code introduced a bad security flaw on Linux platforms if the
+   binaries were built on Linux platforms with libcap support.
+   The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+   capabilities, allowing all file system access to be allowed
+   even when permissions should have denied access.
+
+
+Changes since 3.5.0
+-------------------
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 7222: Fix for CVE-2010-0728.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
                    ==============================
                    Release Notes for Samba 3.3.11
@@ -80 +130 @@
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    ==============================

branches/samba-3.3.x/packaging/RHEL-CTDB/samba.spec

@@ -6 +6 @@
 Packager: Samba Team <samba@samba.org>
 Name:         samba
-Version:      3.3.11
+Version:      3.3.12
 Release:      ctdb.1
 Epoch:        0

branches/samba-3.3.x/packaging/RHEL/makerpms.sh

@@ -21 +21 @@
 USERID=`id -u`
 GRPID=`id -g`
-VERSION='3.3.11'
+VERSION='3.3.12'
 REVISION=''
 SPECFILE="samba.spec"

branches/samba-3.3.x/packaging/RHEL/samba.spec

@@ -6 +6 @@
 Packager: Samba Team <samba@samba.org>
 Name:         samba
-Version:      3.3.11
+Version:      3.3.12
 Release:      1
 Epoch:        0

branches/samba-3.3.x/source/VERSION

@@ -26 +26 @@
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=3
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
 
 ########################################################

branches/samba-3.3.x/source/include/smb.h

@@ -1685 +1685 @@
     KERNEL_OPLOCK_CAPABILITY,
     DMAPI_ACCESS_CAPABILITY,
-    LEASE_CAPABILITY,
-    KILL_CAPABILITY
+    LEASE_CAPABILITY
 };
 

branches/samba-3.3.x/source/lib/system.c

@@ -708 +708 @@
 #if defined(HAVE_POSIX_CAPABILITIES)
 
-/* This define hasn't made it into the glibc capabilities header yet. */
-#ifndef SECURE_NO_SETUID_FIXUP
-#define SECURE_NO_SETUID_FIXUP          2
-#endif
-
 /**************************************************************************
  Try and abstract process capabilities (for systems that have them).
@@ -743 +738 @@
 #endif
 
-#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)
-        /* New way of setting capabilities as "sticky". */
-
-        /*
-         * Use PR_SET_SECUREBITS to prevent setresuid()
-         * atomically dropping effective capabilities on
-         * uid change. Only available in Linux kernels
-         * 2.6.26 and above.
-         *
-         * See here:
-         * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
-         * for details.
-         *
-         * Specifically the CAP_KILL capability we need
-         * to allow Linux threads under different euids
-         * to send signals to each other.
-         */
-
-        if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
-                DEBUG(0,("set_process_capability: "
-                        "prctl PR_SET_SECUREBITS failed with error %s\n",
-                        strerror(errno) ));
-                return false;
-        }
-#endif
-
         cap = cap_get_proc();
         if (cap == NULL) {
@@ -797 +766 @@
 #endif
                         break;
-                case KILL_CAPABILITY:
-#ifdef CAP_KILL
-                        cap_vals[num_cap_vals++] = CAP_KILL;
-#endif
-                        break;
         }
 
@@ -811 +775 @@
         }
 
-        /*
-         * Ensure the capability is effective. We assume that as a root
-         * process it's always permitted.
-         */
-
-        if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
-                        enable ? CAP_SET : CAP_CLEAR) == -1) {
-                DEBUG(0, ("set_process_capability: cap_set_flag effective "
-                        "failed (%d): %s\n",
-                        (int)capability,
-                        strerror(errno)));
-                cap_free(cap);
-                return false;
-        }
+        cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+                enable ? CAP_SET : CAP_CLEAR);
 
         /* We never want to pass capabilities down to our children, so make
          * sure they are not inherited.
          */
-        if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
-                        cap_vals, CAP_CLEAR) == -1) {
-                DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
-                        "failed (%d): %s\n",
-                        (int)capability,
-                        strerror(errno)));
-                cap_free(cap);
-                return false;
-        }
+        cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
 
         if (cap_set_proc(cap) == -1) {
-                DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n",
-                        (int)capability,
+                DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n",
                         strerror(errno)));
                 cap_free(cap);

branches/samba-3.3.x/source/smbd/server.c

@@ -1248 +1248 @@
         gain_root_group_privilege();
 
-        /*
-         * Ensure we have CAP_KILL capability set on Linux,
-         * where we need this to communicate with threads.
-         * This is inherited by new threads, but not by new
-         * processes across exec().
-         */
-        set_effective_capability(KILL_CAPABILITY);
-
         fault_setup((void (*)(void *))exit_server_fault);
         dump_core_setup("smbd");