Bug 844: Document the new SMB back-end in features.conf.

2024-06-20 00:15:31 +00:00 · 2007-02-25 23:50:51 +02:00 · 2007-02-25 23:50:51 +02:00 · 3a3cf8b44f
commit 3a3cf8b44f
parent 0212ba7e93
1 changed files with 7 additions and 10 deletions
--- a/features.conf
+++ b/features.conf
@ -368,17 +368,14 @@ CONFIG_NNTP=no

 ### SMB Protocol Support
 #
-# ELinks supports browsing over the SMB protocol (URI 'smb' scheme), using the
-# smbclient program as back-end. Therefore, in order to have this enabled, you
-# will need to install Samba (or at least just the smbclient part, if you can
-# install it separately).
+# ELinks supports browsing over the SMB protocol (URI 'smb' scheme),
+# using the libsmbclient library as back-end.  Therefore, in order to
+# have this enabled, you will need to install Samba (or at least just
+# the libsmbclient part, if you can install it separately).
 #
-# Unfortunately, ELinks doesn't yet properly validate the file name passed to
-# smbclient, and this caused vulnerability CVE-2006-5925 (bug 841).  To close
-# the vulnerability, configure.in now disables the SMB protocol regardless of
-# what you specify here.  There is a patch that reimplements SMB in a safer
-# way, but it has not yet been included in the main ELinks tree.  Please see
-# bug 844 for further information.
+# This use of libsmbclient is believed to be immune to the command
+# injection attacks (CVE-2006-5925, bug 841) from which earlier ELinks
+# releases (0.9.0 to 0.11.1) suffered.
 #
 # Default: disabled