Re: In-kernel Authentication Tokens (PAGs)

From: Kyle Moffett
Date: Fri Jun 11 2004 - 23:50:04 EST

Next message: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Previous message: Matt Mackall: "Re: timer + fpu stuff locks my console race"
In reply to: Chris Wright: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Chris Wright: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 11, 2004, at 23:15, Chris Wright wrote:

Hrm. Wouldn't it be possible that two processes with same uid have
authenticated in different domains, and as such shouldn't be allowed to
touch each other's PAGs? Or is this not allowed?

Linux doesn't really support the idea that a process should not be able to
affect another process in the same UID. There's too many things that
would break or become horribly insecure if we tried to assume that. For
example, just attach a debugger to a process that you want the keys of.
Then just insert a few system calls to retrieve the data, and leave. Linux
assumes atomicity of a user/UID and it's not practical to change that.

Cheers,
Kyle Moffett

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Previous message: Matt Mackall: "Re: timer + fpu stuff locks my console race"
In reply to: Chris Wright: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Chris Wright: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]