Changing back to per-thread credentials on Linux (fixing native AIO).
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Jul 1 02:42:09 MDT 2012
Hi, Jeremy!
On Wed, Jun 27, 2012 at 09:51:12AM -0700, Jeremy Allison wrote:
> Comments please !
IMHO we need to block or redirect all use of the glibc
setX[ug]id calls with LD_PRELOAD or an equivalent mechanism.
There might be external libraries subverting our security
model by calling them.
With best regards,
Volker Lendecke
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list