[linux-cifs-client] [PATCH] cifs: send real uid of initiating process to upcall instead of mount uid

Jeff Layton jlayton at redhat.com
Mon Aug 3 14:20:35 MDT 2009


On Mon, 3 Aug 2009 14:40:19 -0500
Steve French <smfrench at gmail.com> wrote:

> On Mon, Aug 3, 2009 at 1:52 PM, Jeff Layton <jlayton at redhat.com> wrote:
> > be able to trick the kernel into using a credcache to which the user doesn't
> > have access by setting the right uid= option on a mount?
> ...
> > Seems saner and more secure to me.
>
> Are you saying "saner" to rename "uid=" for the purposes of the upcall... not
> just the change to pass the "uid of the process that initiated the upcall" (not
> the "owner of the files" uid) (If so, I agree)

I'm not sure I follow what you're saying...

I'm saying that we should pass the real uid of the process that
initiated the upcall to the upcall. There's no point in passing the uid
of the process that owns the files on the mount to the upcall.

I don't see the point of renaming the uid= "key" here. Can you
elaborate as to why you think it would be good to do so?

-- 
Jeff Layton <jlayton at redhat.com>

