Web lists-archives.com

Re: [Samba] [cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment

On Wed, 2017-02-15 at 11:15 -0500, Jeff Layton wrote:
> Apologies for v3 series, I had some extra patches in there. This is
> the one that should have been sent. Relabeled as v4 for clarity.
> Third respin of this series. Reordered for better safety for bisecting.
> The environment scraping is now on by default, but can be disabled with
> "-E" in environments where it's not needed.
> Also, I've added a patch to make cifs.upcall drop capabilities before
> doing most of its work. This may help reduce the attack surface of the
> program.
> Jeff Layton (4):
>   cifs.upcall: convert two flags from int to bool
>   cifs.upcall: switch group IDs when handling an upcall
>   cifs.upcall: drop capabilities early in program
>   cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's
>     /proc/<pid>/environ file
>  Makefile.am      |   2 +-
>  cifs.upcall.8.in |   9 ++
>  cifs.upcall.c    | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
>  3 files changed, 256 insertions(+), 10 deletions(-)

You can add a reviewed-by with my name.


Simo Sorce * Red Hat, Inc * New York

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba