vfs.usermount not working anymore on SMB shares?
Simon Barner
barner at in.tum.de
Fri Jun 25 10:06:27 GMT 2004
[...]
> > Only for two operations (one of which is the iconv table manipulation),
> > mount_smbfs very briefly switches back to uid 0.
>
> Right, they're needed user mounts to work and this is less evil
> choice in the terms of security, but still, not very perfect. The reason
> is simple: by abusing ability to load kernel tables user can intentionally
> fill all of the kernel memory.
Ah, ok. But could he do that, too, by creating a large numbers of mount
points? One had to introduce a per user limit for the number of file
systems mounted, and also for the number of iconv tables loaded.
[...]
> The simplest solution is to preload all necessary conversion
> tables via creating some mount points as root. iconv interface will reuse
> them for all subsequent user mounts.
>
> The more proper solution will be an userland utility which can
> preload tables at boot time.
And an accompanying rc.conf hook, like iconv_preload=...
I like that idea a lot, and I'll see that I'll get it implemented
soon[tm].
Regards,
Simon
More information about the freebsd-current
mailing list