1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-06-14 23:32:27 +00:00

Bug 844: Document the new SMB back-end in features.conf.

This commit is contained in:
Kalle Olavi Niemitalo 2007-02-25 23:50:51 +02:00 committed by Kalle Olavi Niemitalo
parent 0212ba7e93
commit 3a3cf8b44f

View File

@ -368,17 +368,14 @@ CONFIG_NNTP=no
### SMB Protocol Support
#
# ELinks supports browsing over the SMB protocol (URI 'smb' scheme), using the
# smbclient program as back-end. Therefore, in order to have this enabled, you
# will need to install Samba (or at least just the smbclient part, if you can
# install it separately).
# ELinks supports browsing over the SMB protocol (URI 'smb' scheme),
# using the libsmbclient library as back-end. Therefore, in order to
# have this enabled, you will need to install Samba (or at least just
# the libsmbclient part, if you can install it separately).
#
# Unfortunately, ELinks doesn't yet properly validate the file name passed to
# smbclient, and this caused vulnerability CVE-2006-5925 (bug 841). To close
# the vulnerability, configure.in now disables the SMB protocol regardless of
# what you specify here. There is a patch that reimplements SMB in a safer
# way, but it has not yet been included in the main ELinks tree. Please see
# bug 844 for further information.
# This use of libsmbclient is believed to be immune to the command
# injection attacks (CVE-2006-5925, bug 841) from which earlier ELinks
# releases (0.9.0 to 0.11.1) suffered.
#
# Default: disabled