[Samba] Warning messages when provisioning an ADDC
slow at samba.org
Tue Feb 9 08:57:38 UTC 2021
Am 2/9/21 um 9:15 AM schrieb Andrew Bartlett:
> Regarding unprivileged containers, jails etc, I would warn that anyone
> who stores Samba ACLs in an unprivileged namespace owns the security
> result themselves. Samba assumes that these values are protected by
> the kernel, if they are not then our security assumptions are revoked.
hm, hm, with the acl_xattr VFS module with "acl_xattr:ignore system
acls" set to yes we're already relying on userspace for security
bypassing the kernel, so I wonder whether the namespace issue is really
the one I would worry about. As long as users don't have direct access
to the server storing the xattr in the user namespace might be an option.
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 840 bytes
Desc: OpenPGP digital signature
More information about the samba