davfs2 does not honour Unix permissions

From: martin f krafft (madduck_at_madduck.net)
Date: 05/25/05

    Date: Wed, 25 May 2005 22:09:40 +0200
    To: full-disclosure people <full-disclosure@lists.netsys.com>, bugtraq <bugtraq@securityfocus.com>
    
    
    

    davfs2 is a user-space tool to mount DAV resources into the Unix
    directory tree, using the Coda kernel filesystem as a backplane.
    Unfortunately, Andrew Pimlott discovered that such a mounted
    filesystem does not honour the Unix permissions that stat()
    presents. Details are here:

      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310757

    If anyone knows how to fix this, please get in touch with me. Given
    the impending Debian release, this is an urgent matter as davfs2
    will have to be removed from Debian stable if no fix could be found
    by Friday.

    Cheers,

    -- 
    martin;              (greetings from the heart of the sun.)
      \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
     
    invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
    spamtraps: madduck.bogus@madduck.net
     
    why didn't noah swat those two mosquitoes?
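
A check for the symptom described above, added here as an example (it is not part of the original post or of davfs2): it reports regular files whose stat() mode bits deny the current user read or write access but which open() grants anyway. It assumes only the classic owner/group/other bits apply (no ACLs or capabilities), and all function names are illustrative.

```python
import os
import stat
import sys

def mode_permits(st, uid, gids, want):
    """What the owner/group/other bits from stat() say about 'r' or 'w'.
    Assumption: no ACLs or capabilities; root is always permitted."""
    if uid == 0:
        return True
    bit = {"r": 4, "w": 2}[want]
    # The owner class wins even when it grants less than group or other.
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & bit)

def actually_opens(path, want):
    """Ask the filesystem itself; O_WRONLY without O_TRUNC changes nothing."""
    flags = os.O_RDONLY if want == "r" else os.O_WRONLY
    try:
        os.close(os.open(path, flags))
        return True
    except OSError:
        return False

def unenforced(path):
    """Accesses the mode bits deny to this process but open() grants."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return []
    uid, gids = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    return [w for w in ("r", "w")
            if not mode_permits(st, uid, gids, w) and actually_opens(path, w)]

def scan(root):
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                bad = unenforced(path)
            except OSError:
                continue        # entry vanished or cannot be stat()ed
            if bad:
                findings[path] = bad
    return findings

if __name__ == "__main__":
    for path, bad in scan(sys.argv[1]).items():
        print(path, "denied by mode but granted:", "".join(bad))
```

Run it as an unprivileged user with the mount point as the argument; on a filesystem that enforces its mode bits it prints nothing.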
    
    


