Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 26 Aug 2002 10:54:39 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 26 Aug 2002 10:54:39 -0400
Received: from pD9E2394F.dip.t-dialin.net ([217.226.57.79]:7345 "EHLO hawkeye.luckynet.adm") by vger.kernel.org with ESMTP id ; Mon, 26 Aug 2002 10:54:38 -0400
Date: Mon, 26 Aug 2002 08:58:25 -0600 (MDT)
From: Thunder from the hill
X-X-Sender: thunder@hawkeye.luckynet.adm
To: Zheng Jian-Ming
cc: linux-kernel@vger.kernel.org
Subject: Re: problems with changing UID/GID
In-Reply-To: <20020826133028.GA21965@cissol7.cis.nctu.edu.tw>
Message-ID:
X-Location: Dorndorf/Steudnitz; Germany
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1272
Lines: 34

Hi,

On Mon, 26 Aug 2002, Zheng Jian-Ming wrote:
> POSIX states that the credentials (uid, gid, capabilities, etc.) are
> process-wide. So when one thread within the process changes some part
> of the credentials, all threads see the change.
>
> But, the credentials are per-task in Linux, so it's possible to have
> two tasks in a process running under different UIDs.
>
> It may have problems when we change UID/GID in one task within the
> thread group.
>
> How to deal with it? Will Linux kernel move credentials into a shared
> structure?

There was some piece of work on that, done by Dave McCracken. But it
lately had this "little security hole you could drive a big yellow truck
with flashlights on through" problem...

I personally like the task->cred->cr_uid, etc. approach. Helps a lot.

			Thunder
-- 
--./../...-/. -.--/---/..-/.-./..././.-../..-. .---/..-/.../- .- --/../-./..-/-/./--..-- ../.----./.-../.-.. --./../...-/.
-.--/---/..- .- -/---/--/---/.-./.-./---/.--/.-.-.- --./.-/-.../.-./.././.-../.-.-.-
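
The situation raised in the quoted question, two tasks of one thread group holding different UIDs or GIDs, can be checked for from user space. The following is an added example, not code from this thread or from the kernel: it assumes the `Uid:` and `Gid:` lines of `/proc/<pid>/task/<tid>/status`, and the function names `parse_ids`, `creds_differ` and `divergent_tasks` are made up for the illustration.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Read the four ids (real, effective, saved, fs) from the "Uid:" or "Gid:" line.
 * A status file starts with "Name:", so the wanted line always follows a newline. */
int parse_ids(const char *status, const char *key, unsigned ids[4])
{
    char pat[16];
    snprintf(pat, sizeof pat, "\n%s:", key);
    const char *p = strstr(status, pat);
    if (!p) return -1;
    return sscanf(p + strlen(pat), "%u %u %u %u", ids, ids + 1, ids + 2, ids + 3) == 4 ? 0 : -1;
}

/* 1 if the two status texts disagree on any uid/gid, 0 if equal, -1 if unparsable. */
int creds_differ(const char *a, const char *b)
{
    unsigned ua[4], ub[4], ga[4], gb[4];
    if (parse_ids(a, "Uid", ua) || parse_ids(b, "Uid", ub) ||
        parse_ids(a, "Gid", ga) || parse_ids(b, "Gid", gb))
        return -1;
    return memcmp(ua, ub, sizeof ua) != 0 || memcmp(ga, gb, sizeof ga) != 0;
}

/* Count tasks under /proc/<pid>/task whose ids differ from the first one read.
 * pid is a decimal pid or "self"; returns -1 if the directory cannot be opened. */
int divergent_tasks(const char *pid)
{
    char dir[64], file[512], first[4096] = "", cur[4096];
    struct dirent *e;
    int n = 0;
    snprintf(dir, sizeof dir, "/proc/%s/task", pid);
    DIR *d = opendir(dir);
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;
        snprintf(file, sizeof file, "%s/%s/status", dir, e->d_name);
        FILE *fp = fopen(file, "r");
        if (!fp) continue;            /* task exited while we were scanning */
        cur[fread(cur, 1, sizeof cur - 1, fp)] = '\0';
        fclose(fp);
        if (!first[0]) strcpy(first, cur);
        else if (creds_differ(first, cur) == 1) n++;
    }
    closedir(d);
    return n;
}

int main(void) { printf("%d\n", divergent_tasks("self")); return 0; }
```

Linux still keeps credentials per task; the C library's setuid()-family wrappers propagate a change to every thread, whereas a raw system call changes only the calling task, so a non-zero count points at code that bypasses the wrappers.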