From: Simo Sorce <simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org,
cwseys-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org,
samba-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org
Subject: Re: [cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Date: Thu, 16 Feb 2017 08:59:00 -0500 [thread overview]
Message-ID: <1487253540.6697.3.camel@redhat.com> (raw)
In-Reply-To: <20170215161522.17063-1-jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
On Wed, 2017-02-15 at 11:15 -0500, Jeff Layton wrote:
> Apologies for v3 series, I had some extra patches in there. This is
> the one that should have been sent. Relabeled as v4 for clarity.
>
> Third respin of this series. Reordered for better safety for bisecting.
> The environment scraping is now on by default, but can be disabled with
> "-E" in environments where it's not needed.
>
> Also, I've added a patch to make cifs.upcall drop capabilities before
> doing most of its work. This may help reduce the attack surface of the
> program.
>
> Jeff Layton (4):
> cifs.upcall: convert two flags from int to bool
> cifs.upcall: switch group IDs when handling an upcall
> cifs.upcall: drop capabilities early in program
> cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's
> /proc/<pid>/environ file
>
> Makefile.am | 2 +-
> cifs.upcall.8.in | 9 ++
> cifs.upcall.c | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
> 3 files changed, 256 insertions(+), 10 deletions(-)
>
You can add a reviewed-by with my name.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
next prev parent reply other threads:[~2017-02-16 13:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-15 16:15 [cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment Jeff Layton
[not found] ` <20170215161522.17063-1-jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
2017-02-15 16:15 ` [cifs-utils PATCH v4 1/4] cifs.upcall: convert two flags from int to bool Jeff Layton
2017-02-15 16:15 ` [cifs-utils PATCH v4 2/4] cifs.upcall: switch group IDs when handling an upcall Jeff Layton
[not found] ` <d29a36ca-693d-e3c6-9428-90b1ee9bce10@physics.wisc.edu>
[not found] ` <d29a36ca-693d-e3c6-9428-90b1ee9bce10-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org>
2017-02-23 12:45 ` problem when testing recent cifs.upcall Jeff Layton
[not found] ` <1487853902.7731.21.camel-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
2017-02-23 20:18 ` Chad William Seys
[not found] ` <f922a603-0095-b86a-27a0-c7a6064e93d3-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org>
2017-02-23 21:10 ` Jeff Layton
[not found] ` <1487884245.3448.15.camel-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
2017-02-23 21:30 ` Jeff Layton
[not found] ` <1487885407.3448.17.camel-vpEMnDpepFuMZCB2o+C8xQ@public.gmane.org>
2017-02-23 21:42 ` Jeff Layton
[not found] ` <1487886136.10904.1.camel-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
2017-02-23 23:46 ` Simo Sorce
2017-02-24 0:35 ` Jeff Layton
[not found] ` <1487896552.14855.1.camel-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
2017-02-24 1:14 ` Simo Sorce
2017-02-15 16:15 ` [cifs-utils PATCH v4 3/4] cifs.upcall: drop capabilities early in program Jeff Layton
2017-02-15 16:15 ` [cifs-utils PATCH v4 4/4] cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file Jeff Layton
2017-02-16 13:59 ` Simo Sorce [this message]
-- strict thread matches above, loose matches on Subject: below --
2017-02-15 16:13 [cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1487253540.6697.3.camel@redhat.com \
--to=simo-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=cwseys-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org \
--cc=jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org \
--cc=samba-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.