On Thu, 2003-02-06 at 10:10, Tim Potter wrote:
> On Thu, Feb 06, 2003 at 12:06:04AM +0100, Rafal Szczesniak wrote:
> 
> > > Attached patch can be seen as proposal to discuss behavior of gencache in
> > > case when it is used in applications running under non-privileged
> > > accounts so that O_RDWR|O_CREAT always fails against system-wide
> > > lock_path("gencache.tdb") (which is usually created by smbd/nmbd).
> > > 
> > > The patch adds error resistance and tries to re-open gencache.tdb in
> > > O_RDONLY mode if O_RDWR|O_CREAT failed. This allows the application to use
> > > existing entries but forbids cache updates.
> > 
> > I understand your idea, but it's useful only when another root-privileged
> > process is able to update the cache contents (like parent process ?).
> > Otherwise, only per-user cache makes sense when it comes to being useful.
> 
> It is actually slightly useful.  If you are a user process running on a
> Samba server, then you can share the up to date cache data that is
> generated by smbd and nmbd.  You're right though in the fact that you
> can't update it or expire old entries.
> 
> I still think it's useful though.

One of the problems is that gencache can be used to store all sorts of
information.  For example I want to move netlogon_unigroup.tdb into it,
and possibly more sensitive information in future.

My worry is that we could leak information this way.  I'm also told that
there could be issues with the ability to 'block' smbd with byte-range
read-locking on that database.

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
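
The two behaviours discussed in this thread, the O_RDONLY fallback and the fact that a read-only descriptor is enough to hold a shared byte-range lock a writer must wait for, can be checked with the C below. It is an added example, not part of the original messages or of Samba's code; the function names, the 4-byte range and the use of POSIX fcntl record locks are assumptions made for the illustration.

```c
/* Added example, not Samba code; names and the 4-byte range are illustrative. */
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallback from the thread: read-write first, read-only on EACCES. */
int open_cache(const char *path, int *read_only)
{
    int fd = open(path, O_RDWR | O_CREAT, 0644);
    *read_only = (fd == -1 && errno == EACCES);
    return *read_only ? open(path, O_RDONLY) : fd;
}

/* Pid that would block a write lock on [off, off+len); 0 if free, -1 on error. */
pid_t write_lock_blocker(int fd, off_t off, off_t len)
{
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET,
                        .l_start = off, .l_len = len };
    if (fcntl(fd, F_GETLK, &fl) == -1) return -1;
    return fl.l_type == F_UNLCK ? 0 : fl.l_pid;
}

/* Constructed scenario: a read-only child takes a shared lock; the parent probes. */
int reader_blocks_writer(const char *path)
{
    int ready[2], ro, wfd = open_cache(path, &ro);
    char c = 0;
    if (wfd == -1 || pipe(ready) == -1) return -1;
    pid_t child = fork();
    if (child == -1) return -1;
    if (child == 0) {
        struct flock fl = { .l_type = F_RDLCK, .l_whence = SEEK_SET, .l_len = 4 };
        int rfd = open(path, O_RDONLY);
        if (rfd == -1 || fcntl(rfd, F_SETLK, &fl) == -1) _exit(1);
        if (write(ready[1], &c, 1) != 1) _exit(1); /* lock is held */
        for (;;) pause();                          /* keep it until killed */
    }
    close(ready[1]);
    pid_t blocker = read(ready[0], &c, 1) == 1 ? write_lock_blocker(wfd, 0, 4) : -1;
    kill(child, SIGKILL); waitpid(child, NULL, 0); /* releases the lock */
    close(ready[0]); close(wfd);
    return blocker == child;                       /* 1: the reader blocks the writer */
}

int main(int argc, char **argv)
{
    return argc == 2 ? reader_blocks_writer(argv[1]) != 1 : 2;
}
```

F_GETLK only reports the conflict and does not take the lock, so a writer can use it to log which pid is holding a range.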
