| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100312015319.GC27697@samba1> Date: Thu, 11 Mar 2010 17:53:19 -0800 From: Jeremy Allison <jra@...ba.org> To: Michael Adam <obnox@...ba.org> Cc: Jeff Layton <jlayton@...ba.org>, Jon Severinsson <jon@...erinsson.net>, linux-cifs-client@...ts.samba.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, vl@...ba.org Subject: Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permission checking On Thu, Mar 11, 2010 at 11:45:29PM +0100, Michael Adam wrote: > > When discussing this with Volker today, he had a different idea: > One could implement a trans2 impersonate call in samba (as a new > call in the unix extensions) that could be used to transfer the > session established by the privileged user (root, say) to a > different user specified as an argument to the call -- without > the need to give credentials! Then this call could be used in > the multi user mount scenario: when uid 1000 accesse the cifs > mount then the root-dispatcher mount would create a new session > initially as root and issue an impersonate call to user 1000 > directly afterwards. > > Wouldn't that be something worth considering? This world work, but protocol cleanliness-wise it's *really* horrible :-). Jeremy. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists