Re: cifs.upcall broken with cifs-utils 6.13

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Aurélien,

The recent release of cifs-utils 6.13, more precisely e461afd8cf (which,
to my understanding, is a fix for CVE-2021-20208) makes attempts of
mounting CIFS shares with krb5 fail for me:

Can anyone tell me if this is a packaging/configuration issue (Arch in
my case) or a bug?

It's unfortunately a regression in the CVE fix. We are trying to come up
with a proper fix.

In the meantime, as a workaround:

* you can build cifs-utils --with-libcap=yes (libcap instead of
libcapng). This will skip
  capability dropping in cifs.upcall.c.
* Alternatively you can comment out the call to trim_capabilities() in
  cifs.upcall.c.

Thanks a million for the clarification. For me, downgrading the package to
6.12 works as an intermediate solution.

I'll open a task on the Arch bugtracker and let the package maintainer
decide what to do with the package until a proper fix is done.


Cheers,

Alex



[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux