[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: feature-mtab-translator (v3)
From: |
Neal H. Walfield |
Subject: |
Re: feature-mtab-translator (v3) |
Date: |
Mon, 22 Jul 2013 17:36:54 +0200 |
User-agent: |
Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Gojō) APEL/10.8 Emacs/23.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) |
At Fri, 19 Jul 2013 18:04:47 +0200,
Justus Winter wrote:
> My personal preference would be to run the translator on /proc/mounts
> as unprivileged user created solely for this purpose by default. It's
> up to the system administrator to change that if he wishes. I know
> it's not as magically as it could be if the mtab translator would
> impersonate the requesting user, but then again, this is no problem of
> the RPC procedure or the server side implementation of it.
The translator should never impersonate the user. At most it should
mediate access. If more authority is needed, the client should
interact directly with the translator in question. This can be done
by having the mediator return an unauthenticated port. Anything else
will request in the confused deputy and a huge attack surface.
Neal
- [PATCH 10/17] hurd: add fsys_get_children, (continued)
- [PATCH 10/17] hurd: add fsys_get_children, Justus Winter, 2013/07/19
- [PATCH 13/17] libtrivfs: add fsys_get_source, Justus Winter, 2013/07/19
- [PATCH 12/17] libnetfs: add fsys_get_source, Justus Winter, 2013/07/19
- [PATCH 11/17] libdiskfs: add fsys_get_source, Justus Winter, 2013/07/19
- [PATCH 15/17] hurd: add fsys_get_source, Justus Winter, 2013/07/19
- Re: [PATCH 15/17] hurd: add fsys_get_source, Neal H. Walfield, 2013/07/22
- [PATCH 16/17] XXX this looks wrong to me, please have a look, Justus Winter, 2013/07/19
- [PATCH 14/17] trans/symlink.c: add fsys_get_source, Justus Winter, 2013/07/19
- Re: feature-mtab-translator (v3), Richard Braun, 2013/07/19
- Re: feature-mtab-translator (v3), Justus Winter, 2013/07/19
- Re: feature-mtab-translator (v3),
Neal H. Walfield <=
- Re: feature-mtab-translator (v3), Neal H. Walfield, 2013/07/22
- Re: feature-mtab-translator (v3), Neal H. Walfield, 2013/07/22
- Re: feature-mtab-translator (v3), Samuel Thibault, 2013/07/22
- Re: feature-mtab-translator (v3), Neal H. Walfield, 2013/07/23
- [PATCH 14/17] trans/symlink.c: add fsys_get_source, Justus Winter, 2013/07/11
- [PATCH 11/17] libdiskfs: add fsys_get_source, Justus Winter, 2013/07/11
- [PATCH 12/17] libnetfs: add fsys_get_source, Justus Winter, 2013/07/11
- [PATCH 17/17] add mtab prototype, Justus Winter, 2013/07/11
- [PATCH 13/17] libtrivfs: add fsys_get_source, Justus Winter, 2013/07/11
- [PATCH 15/17] hurd: add fsys_get_source, Justus Winter, 2013/07/11