>>>>> " " == Luca Barbieri <ldb@ldb.ods.org> writes:
> For example, rather than this;
<snip>
> you can just do this:
> - uid_t saved_fsuid = current->fsuid;
> + uid_t saved_fsuid = current->fscred.uid;
> kernel_cap_t saved_cap =
> current->cap_effective;
But I don't want to have to do that at all. Why should I change the
actual task's privileges in order to call down into a single VFS
function?
The point of VFS support for credentials is to eliminate these hacks,
and cut down on all this gratuitous changing of privilege. That's what
we want the API changes for.
Who cares if changing fsuid/fsgid is more expensive? The only place we
should actually be doing that is in sys_fsuid(), sys_fsgid(), and
possibly daemonize(), where adequate security checks can be made.
Cheers,
Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Sep 07 2002 - 22:00:14 EST