Changing back to per-thread credentials on Linux (fixing native AIO).
simo
idra at samba.org
Sun Jul 1 05:54:25 MDT 2012
On Sun, 2012-07-01 at 10:42 +0200, Volker Lendecke wrote:
> Hi, Jeremy!
>
> On Wed, Jun 27, 2012 at 09:51:12AM -0700, Jeremy Allison wrote:
> > Comments please !
>
> IMHO we need to block or redirect all use of the glibc
> setX[ug]id calls with LD_PRELOAD or an equivalent mechanism.
> There might be external libraries subverting our security
> model by calling them.
Libraries should never call setXXid() calls, it makes no sense and it is
completely thread-unsafe.
It is simply not done.
I do not think we should ever worry about that.
The uid wrapper stuff proves we never had that issue so far.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list