[linux-cifs-client] [PATCH] cifs: send real uid of initiating process to upcall instead of mount uid

Jeff Layton jlayton at redhat.com
Mon Aug 3 12:52:37 MDT 2009


On Mon, 3 Aug 2009 13:41:03 -0500
Steve French <smfrench at gmail.com> wrote:

> Wouldn't it give more flexibility to the upcall program if we sent both or
> changed the name (and be less confusing) e.g. to "mount_uid" or something
> else distinct
> 

We already send a bunch of fields that we don't actually use...

...and TBH, I'm a little leery of the existing situation. Might someone
be able to trick the kernel into using a credcache to which the user
doesn't have access by setting the right uid= option on a mount?

One of the main problems we have with "uid=" is that it means too much.
I'd like to remove it from having any meaning at all to the krb5 auth
subsys. Seems saner and more secure to me.

-- 
Jeff Layton <jlayton at redhat.com>

