Re: problems with changing UID/GID

From: Luca Barbieri (ldb@ldb.ods.org)
Date: Mon Aug 26 2002 - 13:49:19 EST


On Mon, 2002-08-26 at 19:16, Alan Cox wrote:
> On Mon, 2002-08-26 at 15:58, Thunder from the hill wrote:
> > I personally like the task->cred->cr_uid, etc. approach. Helps a lot.
>
> It changes the whole semantics of every security test in Linux, and
> breaks most of them totally. Our syscalls know the uid is constant
> during the call

This is easily fixable by having a shared structure separate from the
private one and propagating modifications only when entering kernel
mode.
If we combine the syscall-trace and cred-propagation checks this can be
done without overhead in the common case (but needs care to avoid
races).

This is similar to what user space would do but faster and transparent.

(BTW, I don't plan to code this myself)
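
The scheme sketched in this message (a shared credential structure, a private per-task copy refreshed only on kernel entry, and a single flag word combining the trace and credential checks), modelled in user space as an added example. It is not code from the post or from the kernel; every name in it (`shared_cred`, `entry_work`, `WORK_CRED_STALE`, and so on) is hypothetical, and the model assumes one thread of execution, so it leaves out the locking a real implementation would need around the shared structure.

```c
#include <stdatomic.h>

/* User-space model; every name here is hypothetical, not a kernel symbol. */
#define WORK_TRACE      0x1u /* syscall tracing requested for this task */
#define WORK_CRED_STALE 0x2u /* shared credentials changed since last copy */

struct cred { unsigned uid, gid; };
struct shared_cred { struct cred cur; }; /* one per group of threads */

struct task {
    struct shared_cred *shared;
    struct cred priv;       /* private snapshot: constant during a syscall */
    atomic_uint entry_work; /* single word tested on every kernel entry */
    unsigned traced;        /* number of entries that took the trace path */
};

void task_init(struct task *t, struct shared_cred *sc)
{
    t->shared = sc;
    t->priv = sc->cur;
    atomic_init(&t->entry_work, 0);
    t->traced = 0;
}

/* Publish a new uid, then flag every task that shares the structure.
   A real implementation must serialize writers and readers of sc->cur. */
void shared_setuid(struct shared_cred *sc, struct task **ts, int n, unsigned uid)
{
    sc->cur.uid = uid;
    for (int i = 0; i < n; i++)
        atomic_fetch_or(&ts[i]->entry_work, WORK_CRED_STALE);
}

/* Kernel entry: the common case is one load and one untaken branch. */
void syscall_enter(struct task *t)
{
    unsigned work = atomic_load(&t->entry_work);
    if (!work)
        return;
    if (work & WORK_CRED_STALE) {
        /* Clear first, so an update racing with the copy re-arms the flag. */
        atomic_fetch_and(&t->entry_work, ~WORK_CRED_STALE);
        t->priv = t->shared->cur;
    }
    if (work & WORK_TRACE)
        t->traced++;
}
```

Security checks inside a call read only `t->priv`, so a uid change made by another thread becomes visible at the next entry rather than in the middle of a call.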





