There is a new pam_mount release: 0.47 at <http://downloads.sourceforge.net/pam-mount/pam_mount-0.47.tar.lzma?modtime=1220593408&big_mirror=0>. This version has a working sgrp parameter even when logging in through an LDAP server.
Created attachment 164952: Ebuild for pam_mount 0.47. This ebuild is a copy of pam_mount 0.43 with the dependency for libhx changed to "=sys-libs/libhx-1.23" as this seems to be the only compatible version of libhx.
CCing security, 0.47 has a security fix (CVE requested). We have no stable pam_mount versions though, so maybe there isn't much more to do than bumping.
Would this allow for privilege escalation, or is the user-defined mount function only limited to, e.g., home? Patch: http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commit;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db
Bump already done. Do we need to do anything else? (no glsa afaik for non-stable-keyworded packages)
(In reply to comment #4)
> Bump already done. Do we need to do anything else? (no glsa afaik for
> non-stable-keyworded packages)
That's true. Still, what's the impact (comment #3)?
(In reply to comment #5)
> (In reply to comment #4)
> Still, what's the impact (comment #3)?
As far as I know, mounts that should happen as the user is attached to some group as a secondary group didn't happen at all, so I wouldn't describe it as a security issue at all. Maybe Robert has some other info.
CVE-2008-3970 has been assigned.