Apologies for v3 series, I had some extra patches in there. This is
the one that should have been sent. Relabeled as v4 for clarity.
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.
Jeff Layton (4):
cifs.upcall: convert two flags from int to bool
cifs.upcall: switch group IDs when handling an upcall
cifs.upcall: drop capabilities early in program
cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's
/proc/<pid>/environ file
Makefile.am | 2 +-
cifs.upcall.8.in | 9 ++
cifs.upcall.c | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 256 insertions(+), 10 deletions(-)
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
