search for: env_prob

Displaying 5 results from an estimated 5 matches for "env_prob".

Did you mean: env_probe
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop
2017 Feb 11
2
[RFC][cifs-utils PATCH] cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file
...;}, {"legacy-uid", 0, NULL, 'l'}, {"trust-dns", 0, NULL, 't'}, @@ -685,13 +809,14 @@ int main(const int argc, char *const argv[]) size_t datalen; unsigned int have; long rc = 1; - int c, try_dns = 0, legacy_uid = 0; + int c, try_dns = 0, legacy_uid = 0, env_probe = 0; char *buf; char hostbuf[NI_MAXHOST], *host; struct decoded_args arg; const char *oid; uid_t uid; char *keytab_name = NULL; + char *env_cachename = NULL; krb5_ccache ccache = NULL; hostbuf[0] = '\0'; @@ -699,11 +824,15 @@ int main(const int argc, char *const argv[])...
2017 Feb 13
0
[cifs-utils PATCH] cifs.upcall: switch group IDs when handling an upcall
...uid(uid); + if (!pw) { + syslog(LOG_ERR, "Unable to find pw entry for uid %d: %s\n", + uid, strerror(errno)); + rc = 1; + goto out; + } + + /* * Must do this before setuid, as we need ptrace perms to look at * environ file. */ env_cachename = get_cachename_from_process_env(env_probe ? arg.pid : 0); + /* + * The kernel should send down a zero-length grouplist already, but + * just to be on the safe side... + */ + rc = setgroups(0, NULL); + if (rc == -1) { + syslog(LOG_ERR, "setgroups: %s", strerror(errno)); + rc = 1; + goto out; + } + + rc = setgid(pw->pw_...
2017 Feb 14
3
[PATCH v2 0/2] cifs.upcall: allow cifs.upcall to grab $KRB5CCNAME from initiating process
Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of