Bug 2949

Maybe samba package also needs to be updated for this.

Ubuntu has an update for both cifs-utils and samba :
http://lwn.net/Articles/461683/
http://lwn.net/Articles/461684/

Source RPM: mount-cifs => mount-cifs, samba

(add the commiter of cifs-utils (as there is no maintainer of this package) and the maintainer of samba)

CC: (none) => bgmilne, bgmilne, ennael1, thierry.vignaud

We have mount.cifs in both cifs-utils and mount-cifs (from samba src package).

cifs-utils obsoletes and provides mount-cifs, but mount-cifs can still be installed (isn't this a bug?):

[root@tiger ~]# rpm -qi mount-cifs
package mount-cifs is not installed
[root@tiger ~]# urpmi mount-cifs
Preparing...                     ##################################################
      1/1: mount-cifs            ##################################################
[root@tiger ~]# rpm -q --obsoletes cifs-utils
mount-cifs <= 4.0
[root@tiger ~]# rpm -q --provides cifs-utils
mount-cifs = 4.8.1
cifs-utils = 4.8.1-1.mga1
cifs-utils(x86-64) = 4.8.1-1.mga1

However, mount-cifs's mount.cifs will only be available as /bin/mount.cifs3 and /sbin/mount.cifs3.

Installing cifs-utils removes mount-cifs:
[root@tiger ~]# rpm -q mount-cifs
mount-cifs-3.5.8-1.mga1
[root@tiger ~]# urpmi cifs-utils
    http://ftp5.gwdg.de/pub/linux/mageia/distrib/1/x86_64/media/core/release/cifs-utils-4.8.1-1.mga1.x86_64.rpm
installing cifs-utils-4.8.1-1.mga1.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...                     ##################################################
      1/1: cifs-utils            ##################################################
removing package mount-cifs-3.5.8-1.mga1.x86_64
[root@tiger ~]# rpm -q mount-cifs
package mount-cifs is not installed

The mount.cifs in mount-cifs is setuid, the one in cifs-utils is not.

I think we're going to have to update both for 1, and drop mount-cifs from the samba package in cauldron.

(the other alternative would be to add conflicts to cifs-utils on mount-cifs, and update mount-cifs, and hope users with mount-cifs will get the cifs-utils, but I'm not sure if we can be guaranteed that it will work, although it looks like it might:
[root@tiger ~]# rpm -q cifs-utils mount-cifs
package cifs-utils is not installed
mount-cifs-3.5.8-1.mga1
[root@tiger ~]# urpmi mount-cifs
Package mount-cifs-3.5.8-1.mga1.x86_64 is already installed
[root@tiger ~]# urpmq --auto-select|grep cifs
cifs-utils
)

We've already dropped mount-cifs from samba in cauldron.

I have submitted a patched cifs-utils to core/updates_testing for 1.

reassign to QA

Buchan, so we can close bug 2950 ?

cifs-utils 4.8.1-1.1.mga1

Assignee: bugsquad => qa-bugs
Source RPM: mount-cifs, samba => cifs-utils

Any suggestions how to test this please.

x86_64

Created an smb share on other computer and connected to it with 

mount -t cifs //ServerIP/share -o user=MGAGROUP/username%password /media/test

Permission problems creating files but able to browse around.

I have set write access on the share itself. Is it worth debugging the permission problems or is simply mounting the share enough to validate?

Permission problems fixed by adding a read,write and valid username on the share

Testing complete x86_64

Testing complete i586

Update validated


Advisory
--------------------
This security update for cifs-utils contains a fix for CVE-2011-1678
 - mount-cifs: Suid mount helpers fail to anticipate RLIMIT_FSIZE

Issue reported on oss-security :
http://openwall.com/lists/oss-security/2011/03/04/9

redhat bug :
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1678

--------------------

SRPM cifs-utils-4.8.1-1.1.mga1.src.rpm


Could sysadmin please push from core/updates_testing to core/updates

If this also closes bug 2950 it should be added to the advisory.


Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

*** Bug 2950 has been marked as a duplicate of this bug. ***