10 Dec
2012
10 Dec
'12
4:41 p.m.
On Sat, Dec 08, 2012 at 12:43:14AM +0400, Pavel Shilovsky wrote:
The problem is the possibility of denial-of-service attacks here. We can try to prevent them by:
- specifying an extra security bit on the file that indicates that
share flags are accepted (like we have for mandatory locks now) and setting it for neccessary files only, or 2) adding a special mount option (but it it probably makes sense if we decided to add this support for CIFS and NFS only).
In the case of knfsd and samba exporting a common filesystem, you'd also want to be able to enforce it on the exported filesystem.
--b.