diff options
author | Alexander Bokovoy <ab@samba.org> | 2003-09-10 13:39:09 +0000 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2003-09-10 13:39:09 +0000 |
commit | cf598c5c1ce4fdc0d01f92c15604182c9e913abf (patch) | |
tree | 2c34d5665fdcfce012f0bbb85e9beba7ffd3e0eb /source3/passdb/machine_sid.c | |
parent | 4059dfcca2bda4d04c3277eea5bc67039a3fc6db (diff) | |
download | samba-cf598c5c1ce4fdc0d01f92c15604182c9e913abf.tar.gz samba-cf598c5c1ce4fdc0d01f92c15604182c9e913abf.tar.bz2 samba-cf598c5c1ce4fdc0d01f92c15604182c9e913abf.zip |
Now that CAN-2003-0689 is published officially, we need to make possible
to build on systems with fixed getgrouplist() in GNU libc < 2.3.2.
Unfortunately, we can't detect correctness of getgrouplist() functioning in
portable way so this is left up to developer/packager.
This patch adds --with-good-getgrouplist[=no] switch to configure which packagers
on Linux platforms could use to specify in their own builds if they now that glibc
on their platform is fixed w.r.t CAN-2003-0689. By default we still think that glibc
is vulnerable and perform our version check.
** This patch does not change default behaviour in Samba 3.0 -- by default we are not
vulnerable on glibc as we are not using getgrouplist()
See http://www.securityfocus.com/bid/8477 for vulnerability description.
Right now there are following Linux vendors released glibc updates for CAN-2003-0689:
RedHat -- https://rhn.redhat.com/errata/RHSA-2003-249.html
ALTLinux -- http://www.altlinux.com/index.php?module=sisyphus&package=glibc
(This used to be commit e53622c114e0368515c50b357567fcdd0b95979e)
Diffstat (limited to 'source3/passdb/machine_sid.c')
0 files changed, 0 insertions, 0 deletions