vfs.usermount not working anymore on SMB shares?

[Simon Barner]

[...]

> > Only for two operations (one of which is the iconv table manipulation),
> > mount_smbfs very briefly switches back to uid 0.
> 
> 	Right, they're needed user mounts to work and this is less evil
> choice in the terms of security, but still, not very perfect.  The reason
> is simple: by abusing ability to load kernel tables user can intentionally
> fill all of the kernel memory.

Ah, ok. But could he do that, too, by creating a large numbers of mount
points? One had to introduce a per user limit for the number of file
systems mounted, and also for the number of iconv tables loaded.

[...]

> 	The simplest solution is to preload all necessary conversion
> tables via creating some mount points as root.  iconv interface will reuse
> them for all subsequent user mounts.
> 
> 	The more proper solution will be an userland utility which can 
> preload tables at boot time.

And an accompanying rc.conf hook, like iconv_preload=...

I like that idea a lot, and I'll see that I'll get it implemented
soon[tm].

Regards,
 Simon