Access to credentials of a process from another?

From: Markku Savela
Date: Fri Aug 08 2008 - 04:45:54 EST


I looked with some interest at the big credentials patch.

I have a desire to do the following in user space:

- have PID of another process

- want to check some aspect of credentials of this process from
another process (for example, currently whether the other process
has a specific group in its context).

In the current Ubuntu release, to achieve this, I had to patch kernel
sys.c and write my own kernel module which offered the API for this
function.

I notice that the credentials (http://lwn.net/Articles/287091/) document
has some wording about accessing credentials from another
process. What is not clear yet (in the document):

- is this possible from a loadable module (e.g. are the required
symbols exported)?

- are there any plans to define some API for a user space application
to access this information?

I assume that in some cases, like Unix socket, the peers should
have the same direct way of reading each other's credentials blobs from the
socket?

However, for example, in the case of DBus this is murky, as the server and
client do not have a direct connection to each other, and DBus would
need to pass some information. Currently, with some work, it is
possible for a DBus server to get the client's PID. Thus, a function in
user space to get the credentials by PID would be sufficient.

Also, it is not acceptable to say that DBus should use its "root"
powers and fake clients' credentials on forwarded messages.

- First, not all DBus are root,

- second, the server might want to see both credentials (the DBus server's and
the originating client's).

Finally, I don't like any text based /proc file solutions, for example
parsing output of "/proc/<pid>/status" is horrible (it especially was not
an option for me, because it does not give all groups anyway).