[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Jeff Layton
jlayton at samba.org
Wed Feb 15 16:13:20 UTC 2017
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.
Jeff Layton (4):
cifs.upcall: convert two flags from int to bool
cifs.upcall: switch group IDs when handling an upcall
cifs.upcall: drop capabilities early in program
cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's
/proc/<pid>/environ file
Makefile.am | 2 +-
cifs.upcall.8.in | 9 ++
cifs.upcall.c | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 256 insertions(+), 10 deletions(-)
--
2.9.3
More information about the samba-technical
mailing list