[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Jeff Layton
jlayton at samba.org
Wed Feb 15 16:15:18 UTC 2017
Apologies for v3 series, I had some extra patches in there. This is
the one that should have been sent. Relabeled as v4 for clarity.

Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.

Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.

Jeff Layton (4):
  cifs.upcall: convert two flags from int to bool
  cifs.upcall: switch group IDs when handling an upcall
  cifs.upcall: drop capabilities early in program
  cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's
    /proc/<pid>/environ file

 Makefile.am      |   2 +-
 cifs.upcall.8.in |   9 ++
 cifs.upcall.c    | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 256 insertions(+), 10 deletions(-)
--
2.9.3
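
The KRB5CCNAME scraping named in the fourth patch, as an added example that is not part of the original message and is not the cifs-utils code: a /proc/<pid>/environ image is a run of NUL-terminated NAME=value entries, and the value is whatever the initiating process put in its environment, so the parser treats it as untrusted input. The function name `find_krb5ccname`, the buffer sizes and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CC_VAR "KRB5CCNAME="

/*
 * Search an environ image (NAME=value entries, each ended by NUL) for
 * KRB5CCNAME and copy its value into out.
 * Returns 0 on success; -1 if the variable is absent or empty, the value
 * does not fit in out, or an entry is cut off before its NUL (a short read
 * must not be mistaken for a complete path).
 */
int find_krb5ccname(const char *buf, size_t len, char *out, size_t outlen)
{
    const size_t nlen = sizeof(CC_VAR) - 1;
    size_t pos = 0;

    while (pos < len) {
        const char *entry = buf + pos;
        const char *nul = memchr(entry, '\0', len - pos);
        if (nul == NULL)
            return -1;                    /* truncated final entry */
        size_t elen = (size_t)(nul - entry);

        /* Anchor the match at the entry start so XKRB5CCNAME= is ignored. */
        if (elen >= nlen && memcmp(entry, CC_VAR, nlen) == 0) {
            size_t vlen = elen - nlen;
            if (vlen == 0 || vlen >= outlen)
                return -1;                /* empty or oversized value */
            memcpy(out, entry + nlen, vlen + 1);   /* includes the NUL */
            return 0;
        }
        pos += elen + 1;                  /* step past this entry's NUL */
    }
    return -1;
}

int main(void)
{
    /* Constructed sample, not captured from a real process. */
    static const char sample[] =
        "HOME=/home/alice\0XKRB5CCNAME=FILE:/tmp/x\0KRB5CCNAME=FILE:/tmp/krb5cc_1000\0";
    char cc[256];

    if (find_krb5ccname(sample, sizeof(sample) - 1, cc, sizeof(cc)) == 0)
        printf("%s\n", cc);
    return 0;
}
```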