Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 26 Aug 2002 20:28:47 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 26 Aug 2002 20:28:47 -0400 Received: from ppp-217-133-216-55.dialup.tiscali.it ([217.133.216.55]:8590 "EHLO home.ldb.ods.org") by vger.kernel.org with ESMTP id ; Mon, 26 Aug 2002 20:28:46 -0400 Subject: Re: problems with changing UID/GID From: Luca Barbieri To: Alan Cox Cc: Thunder from the hill , Zheng Jian-Ming , Linux-Kernel ML In-Reply-To: <1030382219.1751.14.camel@irongate.swansea.linux.org.uk> References: <1030382219.1751.14.camel@irongate.swansea.linux.org.uk> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-tKi4GcZpcNZlPMdcAiOr" X-Mailer: Ximian Evolution 1.0.5 Date: 26 Aug 2002 20:49:19 +0200 Message-Id: <1030387759.1488.22.camel@ldb> Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1437 Lines: 42 --=-tKi4GcZpcNZlPMdcAiOr Content-Type: text/plain Content-Transfer-Encoding: 7bit On Mon, 2002-08-26 at 19:16, Alan Cox wrote: > On Mon, 2002-08-26 at 15:58, Thunder from the hill wrote: > > I personally like the task->cred->cr_uid, etc. approach. Helps a lot. > > It changes the whole semantics of every security test in Linux, and > breaks most of them totally. Our syscalls know the uid is constant > during the call This is easily fixable by having a shared structure separate from the private one and propagating modifications only when entering kernel mode. If we combine the syscall-trace and cred-propagation checks this can be done without overhead in the common case (but needs care to avoid races). This is similar to what user space would do but faster and transparent. (BTW, I don't plan to code this myself) --=-tKi4GcZpcNZlPMdcAiOr Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA9angvdjkty3ft5+cRArs6AJ0bk2IqvW6Qbw/dT6Jp/tRPvYxkPgCeMDRU NkB6nvubq2qALgBUuhDOmrs= =t6Yb -----END PGP SIGNATURE----- --=-tKi4GcZpcNZlPMdcAiOr-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/