[csw-users] Security Vulnerabilities in Samba.

Bogdan Iamandei bogdan at its.uq.edu.au
Sat Jul 21 09:59:12 CEST 2007


-----Original Message-----
From: users-bounces+bogdan=its.uq.edu.au at lists.blastwave.org on behalf of Jeremiah Johnson
Sent: Sat 7/21/2007 1:27 AM
To: questions and discussions
Subject: Re: [csw-users] Security Vulnerabilities in Samba.
 
Bogdan,

Thanks for pointing that out.  Patches like that are what maintainers
are good for.  If there are problems, the maintainer should include
that patch and release it.  I personally would rather see more
frequent releases that fix problems, than waiting 6+ months for an
update.  There is a stable and unstable branch, and afaict the
unstable version is still that older version.  I realize that much
testing goes into each release, but I also realize that there is only
so much testing a volunteer can do.  Without accepting input from the
user base at large you'll constantly end up in situations like this.
The stable branch is supposed to be updated only every 3 months, and
unstable constantly, but I'm not seeing any visible action in unstable
with regards to samba.

Ken,

Thanks, I appreciate it.  Sun and SFW have released updates, but our
maintenance policy is a bit odd for installing Sun patches, which is why
we're using Blastwave.

-miah
-------------------------------


Grrr... I hate OWA. Someone should tell M$ how to do proper quoting.

Anyways, onto more productive things now.

Yes. I'd like to see more activity on the samba front as well. I guess we
were only lucky that 3.0.21d (or whatever) was stable enough and it didn't
fail as spectacularly as 3.0.25b - right out of the box.

I have been considering for a while now looking at the way Sun packages
patches, and maybe replicating that. I think I would be pretty safe choosing
a range of patchIDs below what Sun is using[0]. The advantage of using patches
to perform updates would be that (assuming that the patch is properly done up)
you can always revert out of a botched update, compared to the current
situation whereby if you have a rogered package, you have to contact the
maintainer of the package and get them to send you the old package so you
can revert to the last known working version. And yes - it happened a few times
especially with cfengine.

Oh, and since we're on the samba subject, it would be nice if the Solaris package
had an S10 detection routine and installed the SMF scripts rather than the
old init.d ones. I've got them if anyone needs them. Tested, para-tested, and over-tested.
They work a treat when critical conditions aren't met. Can't do that stuff out of
init.d :)

Cheers,
Ino!~

[0] - I think I'm stuck with using numbers in the patchID. Not sure that the patch-framework
is going to be too happy if it finds alpha-numerics instead of just numerics in the PatchID.
Although - it's probably worth a try, I've seen enough kernel panics, let's see something new
for a change! :)