Article 5W0FA [$] The long road to a fix for CVE-2021-20316

[$] The long road to a fix for CVE-2021-20316

by
corbet
from LWN.net on (#5W0FA)
Well-maintained free-software projects usually make a point of quicklyfixing known security problems, and the Sambaproject, which provides interoperability between Windows and Unixsystems, is no exception. So it is natural to wonder why the fix for CVE-2021-20316,a symbolic-link vulnerability, was well over two years in coming.Sometimes, a security bug can be fixed with a simple tweak to the code.Other times, the fix requires a massive rewrite of much of a projects'sinternal code. This particular vulnerability fell firmly into the lattercategory, necessitating a public rewrite of Samba's virtual filesystem(VFS) layer to address a non-disclosed vulnerability.
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments