On Thu, 11.01.18 17:44, Chuck Anderson (cra@xxxxxxx) wrote:

> On Thu, Jan 11, 2018 at 11:24:56PM +0100, Lennart Poettering wrote:
> > I hope you are aware that user id 65534 is used by user namespacing
> > (i.e. CLONE_NEWUSER) too, and in that context is probably much more
> > prominently visible to users than in the NFS context. The fact that
> > the user/group is called "nfsnobody" is quite misleading if most users
> > see it only in the user namespacing context which has zero
> > relationship to NFS.
>
> Is there any security implication of re-using 65534 for user
> namespacing, since NFS was using it before? Why not assign a new uid
> for user namespacing?

Too late for that, you should have brought that up years ago when
userns was first proposed for inclusion in the Linux kernel.

Also, semantically what NFS does with this and what userns does with
this is actually pretty much the same: it's the UID where unmappable
other UIDs are mapped to.

Lennart

--
Lennart Poettering, Red Hat
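
The "unmappable UIDs map to 65534" behaviour described in the reply above, as an added example that is not part of the original mail: it translates parent-namespace UIDs through a `uid_map` and falls back to the overflow UID when no extent covers them. The function names and the sample map are constructed for illustration, and the map is assumed to be read from the parent namespace.

```python
from pathlib import Path

DEFAULT_OVERFLOW_UID = 65534  # kernel default for /proc/sys/kernel/overflowuid


def overflow_uid(proc_path="/proc/sys/kernel/overflowuid"):
    """Return the kernel's overflow UID, or the default if /proc is unreadable."""
    try:
        return int(Path(proc_path).read_text().strip())
    except (OSError, ValueError):
        return DEFAULT_OVERFLOW_UID


def parse_uid_map(text):
    """Parse /proc/<pid>/uid_map lines: inside-start, outside-start, length."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def uid_seen_inside(outside_uid, extents, fallback=DEFAULT_OVERFLOW_UID):
    """Translate a parent-namespace UID to what a process in the namespace sees."""
    for inside, outside, length in extents:
        if outside <= outside_uid < outside + length:
            return inside + (outside_uid - outside)
    return fallback  # no extent covers it: reported as the overflow UID


# Constructed sample: a namespace mapping 65536 parent UIDs starting at 100000.
SAMPLE_UID_MAP = "         0     100000      65536\n"

if __name__ == "__main__":
    extents = parse_uid_map(SAMPLE_UID_MAP)
    fallback = overflow_uid()
    # Parent root (0) and an ordinary user (1000) are both unmapped here, so
    # files they own show up under the same overflow UID inside the namespace.
    for parent_uid in (100000, 101000, 0, 1000):
        print(parent_uid, "->", uid_seen_inside(parent_uid, extents, fallback))
```

Because every unmapped owner collapses onto one UID, ownership shown as 65534 inside a namespace says nothing about which parent-namespace account actually owns the file.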