Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permissionchecking

From: Jeremy Allison
Date: Thu Mar 04 2010 - 12:42:39 EST

Next message: Andre Noll: "Re: [Bugme-new] [Bug 15426] New: Running many copies of bonnie++ on different filesystems seems to deadlock in sync"
Previous message: Jeremy Fitzhardinge: "Re: [PATCH 6/7] xen: Enable PV clocksource for HVM"
In reply to: simo: "Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permissionchecking"
Next in thread: Jeff Layton: "Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permissionchecking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 04, 2010 at 10:51:53AM -0500, simo wrote:
>
> Letting a different user access the mount point *is* a security
> violation in itself. The CIFS security model lies in per user sessions.
> The right way to fix the problem is multi-session mounts. Allowing a
> different user to use a user session is a violation of the security
> model of CIFS.

Multi-session mounts are the only sane fix. This is what Windows
does in their redirectory (when a process with different credentials
traverses into a mount point a new sessionsetup is done to get remote
credentials).

Jeremy.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andre Noll: "Re: [Bugme-new] [Bug 15426] New: Running many copies of bonnie++ on different filesystems seems to deadlock in sync"
Previous message: Jeremy Fitzhardinge: "Re: [PATCH 6/7] xen: Enable PV clocksource for HVM"
In reply to: simo: "Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permissionchecking"
Next in thread: Jeff Layton: "Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permissionchecking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]