On Wed, 2013-11-13 at 15:50 -0700, Orion Poplawski wrote: > On 11/13/2013 03:47 PM, Orion Poplawski wrote: > > On 11/13/2013 03:34 PM, Simo wrote: > >> > >> Uhm doesn't this code store the user password in the clear in a key that > >> is explicitly made readable to any process of the user in the same > >> session ? > >> > >> Simo. > >> > > > > I tried to mimic exactly what the cifscreds program does, but I may have made > > a mistake. Or perhaps cifscreds is also doing a bad thing. The key > > permissions are set to: > > > > #define CIFS_KEY_PERMS (KEY_POS_VIEW|KEY_POS_WRITE|KEY_POS_SEARCH| \ > > KEY_USR_VIEW|KEY_USR_WRITE|KEY_USR_SEARCH) > > > > > > We're not setting KEY_*_READ, so one cannot read the contents of the key, IIUIC. My bad, my eyes saw VIEW but read READ. Simo. -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
