Changes since original set: v3: - have parent check to see if child was signalled and log a warning if so - drop supplimentary groups and change gid before acquiring creds. Keep suid and sgid as well to hamper ptrace. v2: - fix bisectability. The original set added includes in the wrong place in patch #1 and then fixed it in patch #2. The final result of this set is the same but should bisect cleanly. This patchset fixes up gssd to work with KEYRING: style credcaches. At the same time, it also fixes gssd not to need to trawl through likely credcache locations by allowing GSSAPI to find them in the intended fashion. The basic idea is to have gssd fork() after reading off the pipe, but before handling the upcall and to do a more thorough job of changing credentials. Jeff Layton (2): gssd: have process_krb5_upcall fork before handling upcall gssd: do a more thorough change of identity after forking utils/gssd/gssd_proc.c | 106 +++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 89 insertions(+), 17 deletions(-) -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
