On Wed, Sep 18, 2024 at 06:44:39AM +1000, ronnie sahlberg wrote:
On Wed, 18 Sept 2024 at 06:37, Pali Rohár <pali@xxxxxxxxxx> wrote:
Ok. But then I do not understand why Linux client parses and uses uid
and gids which are sent over the wire. If you are saying that the SIDs
must be the only source of truth then Linux client should rather ignore
uid and gid values?
What I think Jeremy is referring to is that mixing uids and sids in the
protocol itself is a protocol design mistake.
Because this means that some PDUs in the protocol operate on SIDs but
others operate on UID/GIDs, and this means there is great risk of
mistakes and of having the sid<->uid mapping return different results
depending on the actual PDU.
Sometimes the sid<->uid mapping happens in the server, at other times
the mapping happens in the client, and it is very difficult to guarantee
that the mapping is consistent across PDUs in the protocol as well as
across different clients.
Thanks Ronnie. You said that much better than I did :-) :-).