From 9eaa21ed37126d1bfcb998b4c8f6115ac77e9b5f Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Thu, 23 Feb 2017 16:50:43 -0500 Subject: cifs.upcall: don't do env scraping when uid is 0 Setuid programs triggering upcalls could trick the program here. Also, the d_automount method is done with credentials overridden so if you can end up with mismatched creds and env vars due to that as well. It's a hack, but the only recourse I can see is to avoid doing this when the uid is 0. That means we can't rely on finding root credcaches in alternate locations using $KRB5CCNAME, but I think that's the best we can do. Reported-and-Tested-by: Chad William Seys Signed-off-by: Jeff Layton --- cifs.upcall.8.in | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'cifs.upcall.8.in') diff --git a/cifs.upcall.8.in b/cifs.upcall.8.in index e1f3956..81481a4 100644 --- a/cifs.upcall.8.in +++ b/cifs.upcall.8.in @@ -44,7 +44,10 @@ Normally, cifs.upcall will probe the environment variable space of the process that initiated the upcall in order to fetch the value of $KRB5CCNAME. This can assist the program with finding credential caches in non-default locations. If this option is set, then the program won't do this and will rely on finding -credcaches in the default locations specified in krb5.conf. +credcaches in the default locations specified in krb5.conf. Note that this is +never performed when the uid is 0. The default credcache location is always +used when the uid is 0, regardless of the environment variable setting in the +process. .RE .PP \--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf -- cgit v1.2.3