[linux-cifs-client] [RFC PATCH] CIFS posix acl permission checking
Jeremy Allison
jra at samba.org
Thu Mar 4 10:33:45 MST 2010
On Thu, Mar 04, 2010 at 10:51:53AM -0500, simo wrote:
>
> Letting a different user access the mount point *is* a security
> violation in itself. The CIFS security model lies in per user sessions.
> The right way to fix the problem is multi-session mounts. Allowing a
> different user to use a user session is a violation of the security
> model of CIFS.
Multi-session mounts are the only sane fix. This is what Windows
does in their redirectory (when a process with different credentials
traverses into a mount point a new sessionsetup is done to get remote
credentials).
Jeremy.
More information about the linux-cifs-client
mailing list