Date: Fri, 25 Jun 2004 12:04:57 +0200 From: Simon Barner <barner@in.tum.de> To: Boris Popov <bp@vertex.kz> Cc: AK <lesha@intercaf.ru> Subject: Re: vfs.usermount not working anymore on SMB shares? Message-ID: <20040625100457.GA87998@zi025.glhnet.mhn.de> In-Reply-To: <20040625062458.GA58310@vertex.kz> References: <200406210450.39636.lesha@intercaf.ru> <20040622153317.W79584@carver.gumbysoft.com> <20040623002120.GA31046@zi025.glhnet.mhn.de> <20040625062458.GA58310@vertex.kz>
next in thread | previous in thread | raw e-mail | index | archive | help
[...] > > Only for two operations (one of which is the iconv table manipulation), > > mount_smbfs very briefly switches back to uid 0. > > Right, they're needed user mounts to work and this is less evil > choice in the terms of security, but still, not very perfect. The reason > is simple: by abusing ability to load kernel tables user can intentionally > fill all of the kernel memory. Ah, ok. But could he do that, too, by creating a large numbers of mount points? One had to introduce a per user limit for the number of file systems mounted, and also for the number of iconv tables loaded. [...] > The simplest solution is to preload all necessary conversion > tables via creating some mount points as root. iconv interface will reuse > them for all subsequent user mounts. > > The more proper solution will be an userland utility which can > preload tables at boot time. And an accompanying rc.conf hook, like iconv_preload=... I like that idea a lot, and I'll see that I'll get it implemented soon[tm]. Regards, Simon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040625100457.GA87998>