| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZunqmhGHniR/4a9d@jeremy-rocky-laptop.localdomain> Date: Tue, 17 Sep 2024 13:46:18 -0700 From: Jeremy Allison <jra@...ba.org> To: ronnie sahlberg <ronniesahlberg@...il.com> Cc: Pali Rohár <pali@...nel.org>, Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@...guebit.com>, linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] cifs: Fix getting reparse points from server without WSL support On Wed, Sep 18, 2024 at 06:44:39AM +1000, ronnie sahlberg wrote: >On Wed, 18 Sept 2024 at 06:37, Pali Rohár <pali@...nel.org> wrote: >> >> Ok. But then I do not understand why Linux client parses and uses uid >> and gids which are sent over the wire. If you are saying that the SIDs >> must be the only source of truth then Linux client should rather ignore >> uid and gid values? > >What I think Jeremy is refering to is that mixing uids and sids in the >protocol itself is >a protocol design mistake. >Because this means that some PDUs in the protocol operate on SIDs but >others operate on >UID/GIDs and this means there is great risk of mistakes and have the >sid<->uid mapping return >different results depending on the actual PDU. > >Sometimes the sid<->uid mapping happens in the server, at other times >the mapping happens in the client >and it is very difficult to guarantee that the mapping is consistent >across PDUs in the protocol >as well as across different clients. Thanks Ronnie. You said that much better than I did :-) :-).
Powered by blists - more mailing lists