Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261449AbTEMPza (ORCPT ); Tue, 13 May 2003 11:55:30 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261438AbTEMPxp (ORCPT ); Tue, 13 May 2003 11:53:45 -0400 Received: from pub237.cambridge.redhat.com ([213.86.99.237]:34021 "EHLO warthog.warthog") by vger.kernel.org with ESMTP id S261369AbTEMPxU (ORCPT ); Tue, 13 May 2003 11:53:20 -0400 To: Linus Torvalds cc: David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, openafs-devel@openafs.org Subject: Re: [PATCH] in-core AFS multiplexor and PAG support In-Reply-To: User-Agent: EMH/1.14.1 SEMI/1.14.4 (Hosorogi) FLIM/1.14.4 (=?ISO-8859-4?Q?Kashiharajing=FE-mae?=) APEL/10.4 Emacs/21.2 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.4 - "Hosorogi") Content-Type: text/plain; charset=US-ASCII Date: Tue, 13 May 2003 17:05:57 +0100 Message-ID: <8812.1052841957@warthog.warthog> From: David Howells Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1477 Lines: 38 Linus Torvalds wrote: > On Tue, 13 May 2003, David Howells wrote: > > > > (1) PAG (Process Authentication Group) support. A PAG is ID'd by a unique > > number, and is represented in memory as a structure that has a ring of > > associated authentication tokens. > > > > Each process can either be part of a PAG, or it can PAG-less - in > > which case it has no authentication tokens. > > > > Two new syscalls are added: setpag and getpag. > > I think the code looks pretty horrible, Any particular bits? > but I think we'll need something like this to keep track of keys. However, > I'm not sure we should make this a new structure - I think we should make > the current "tsk->user" thing _be_ the "PAG". Maybe... There are arguments either way, but if the token ring is kept in struct user, a task can't detach from it and pass a token-less set of keys onto another process it wants to run. Also, using a separate PAG structure means that you can lend your keys to an SUID program and conversely it means a SUID program can't so easily gain access to keys it didn't inherit from its caller. I'm not sure that the ability to arbitrarily join a PAG should be permitted, but it was requested. David - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/