On Sat, Dec 08, 2012 at 12:43:14AM +0400, Pavel Shilovsky wrote: > The problem is the possibility of denial-of-service attacks here. We > can try to prevent them by: > 1) specifying an extra security bit on the file that indicates that > share flags are accepted (like we have for mandatory locks now) and > setting it for neccessary files only, or > 2) adding a special mount option (but it it probably makes sense if > we decided to add this support for CIFS and NFS only).
In the case of knfsd and samba exporting a common filesystem, you'd also want to be able to enforce it on the exported filesystem. --b.
