ACL check in elog_check_access?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Jun 18 13:34:05 GMT 2008
Hi, Jerry!
While looking at ACLs again I came across
elog_check_access() as the only caller of
get_nt_acl_no_snum(). If I get it right (I'm not sure about
that...) then this code does a user-space access check (look
at elog_open) after having opened a tdb file with
become_root(). Question: Why? Wouldn't it be possible to
just open as the authenticated pipe user and rely on the
kernel to do the access checks?
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080618/74d6fe43/attachment.bin
More information about the samba-technical
mailing list