On 11/13/2013 03:47 PM, Orion Poplawski wrote:
On 11/13/2013 03:34 PM, Simo wrote:
Uhm doesn't this code store the user password in the clear in a key that
is explicitly made readable to any process of the user in the same
session ?
Simo.
I tried to mimic exactly what the cifscreds program does, but I may have made
a mistake. Or perhaps cifscreds is also doing a bad thing. The key
permissions are set to:
#define CIFS_KEY_PERMS (KEY_POS_VIEW|KEY_POS_WRITE|KEY_POS_SEARCH| \
KEY_USR_VIEW|KEY_USR_WRITE|KEY_USR_SEARCH)
We're not setting KEY_*_READ, so one cannot read the contents of the key, IIUIC.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@xxxxxxxx
Boulder, CO 80301 http://www.nwra.com
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
