On Wed, 2017-02-15 at 11:15 -0500, Jeff Layton wrote:
> Apologies for v3 series, I had some extra patches in there. This is
> the one that should have been sent. Relabeled as v4 for clarity.
>
> Third respin of this series. Reordered for better safety for bisecting.
> The environment scraping is now on by default, but can be disabled with
> "-E" in environments where it's not needed.
>
> Also, I've added a patch to make cifs.upcall drop capabilities before
> doing most of its work. This may help reduce the attack surface of the
> program.
>
> Jeff Layton (4):
>   cifs.upcall: convert two flags from int to bool
>   cifs.upcall: switch group IDs when handling an upcall
>   cifs.upcall: drop capabilities early in program
>   cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's
>     /proc/<pid>/environ file
>
>  Makefile.am      |   2 +-
>  cifs.upcall.8.in |   9 ++
>  cifs.upcall.c    | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
>  3 files changed, 256 insertions(+), 10 deletions(-)
>

You can add a reviewed-by with my name.

Simo.

--
Simo Sorce * Red Hat, Inc * New York