Return-Path: <linux-kernel-owner+willy=40w.ods.org@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S261449AbTEMPza (ORCPT <rfc822;willy@w.ods.org>);
	Tue, 13 May 2003 11:55:30 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261438AbTEMPxp
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Tue, 13 May 2003 11:53:45 -0400
Received: from pub237.cambridge.redhat.com ([213.86.99.237]:34021 "EHLO
	warthog.warthog") by vger.kernel.org with ESMTP id S261369AbTEMPxU
	(ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 13 May 2003 11:53:20 -0400
To: Linus Torvalds <torvalds@transmeta.com>
cc: David Howells <dhowells@redhat.com>, linux-kernel@vger.kernel.org,
       linux-fsdevel@vger.kernel.org, openafs-devel@openafs.org
Subject: Re: [PATCH] in-core AFS multiplexor and PAG support 
In-Reply-To: <Pine.LNX.4.44.0305130849480.1562-100000@home.transmeta.com> 
User-Agent: EMH/1.14.1 SEMI/1.14.4 (Hosorogi) FLIM/1.14.4
 (=?ISO-8859-4?Q?Kashiharajing=FE-mae?=) APEL/10.4 Emacs/21.2
 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.4 - "Hosorogi")
Content-Type: text/plain; charset=US-ASCII
Date: Tue, 13 May 2003 17:05:57 +0100
Message-ID: <8812.1052841957@warthog.warthog>
From: David Howells <dhowells@warthog.cambridge.redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1477
Lines: 38


Linus Torvalds wrote:
> On Tue, 13 May 2003, David Howells wrote:
> > 
> >  (1) PAG (Process Authentication Group) support. A PAG is ID'd by a unique
> >      number, and is represented in memory as a structure that has a ring of
> >      associated authentication tokens.
> > 
> >      Each process can either be part of a PAG, or it can PAG-less - in
> >      which case it has no authentication tokens.
> > 
> >      Two new syscalls are added: setpag and getpag.
> 
> I think the code looks pretty horrible,

Any particular bits?

> but I think we'll need something like this to keep track of keys. However,
> I'm not sure we should make this a new structure - I think we should make
> the current "tsk->user" thing _be_ the "PAG".

Maybe... There are arguments either way, but if the token ring is kept in
struct user, a task can't detach from it and pass a token-less set of keys
onto another process it wants to run.

Also, using a separate PAG structure means that you can lend your keys to an
SUID program and conversely it means a SUID program can't so easily gain
access to keys it didn't inherit from its caller.

I'm not sure that the ability to arbitrarily join a PAG should be permitted,
but it was requested.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/