Re: [PATCH 3/3] p9auth: add p9auth driver

From: Alan Cox
Date: Wed Apr 21 2010 - 05:25:32 EST

Next message: Mel Gorman: "Re: [PATCH] hugetlbfs: Kill applications that use MAP_NORESERVEwith SIGBUS instead of OOM-killer"
Previous message: Jamie Lokier: "Re: [PATCH 13/35] fallthru: ext2 fallthru support"
In reply to: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Next in thread: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This is a change which must be discussed. The use of this
> privilege can be completely prevented by having init remove
> CAP_GRANT_ID from its capability bounding set before forking any
> processes.

Which is a minor back compat issue - but you could start without it and
allow init to add it.

It seems a very complex interface to do a simple thing. A long time ago
there was discussion around extending the AF_UNIX fd passing to permit
'pass handle and auth' so you could send someone a handle with a "become
me" token attached.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mel Gorman: "Re: [PATCH] hugetlbfs: Kill applications that use MAP_NORESERVEwith SIGBUS instead of OOM-killer"
Previous message: Jamie Lokier: "Re: [PATCH 13/35] fallthru: ext2 fallthru support"
In reply to: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Next in thread: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]