davfs2 does not honour Unix permissions
From: martin f krafft (madduck_at_madduck.net)
Date: 05/25/05
- Previous message: Zone Labs Product Security: "Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 May 2005 22:09:40 +0200 To: full-disclosure people <full-disclosure@lists.netsys.com>, bugtraq <bugtraq@securityfocus.com>
davfs2 is a user-space tool to mount DAV resources into the Unix
directory tree, using the Coda kernel filesystem as a backplane.
Unfortunately, Andrew Pimlott discovered that such a mounted
filesystem does not honour the Unix permissions that stat()
presents. Details are here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310757
If anyone knows how to fix this, please get in touch with me. Given
the impending Debian release, this is an urgent matter as davfs2
will have to be removed from Debian stable if no fix could be found
by Friday.
Cheers,
-- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver! spamtraps: madduck.bogus@madduck.net why didn't noah swat those two mosquitoes?
- application/pgp-signature attachment: Digital signature
- Previous message: Zone Labs Product Security: "Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
