Re: [PATCH 3/3] p9auth: add p9auth driver

From: Eric W. Biederman
Date: Wed Apr 21 2010 - 15:15:52 EST

Next message: Greg KH: "Re: [stable] [PATCH] tun: orphan an skb on tx"
Previous message: Farid Hammane: "[PATCH] i2c-algo-pca: fix all coding style issues in i2c-algo-pca.c"
In reply to: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Next in thread: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Serge E. Hallyn" <serue@xxxxxxxxxx> writes:

> Ignoring namespaces for a moment, I guess we could do something like
>
> struct credentials_pass {
> pid_t global_pid;
> unsigned long unique_id;
> uid_t new_uid;
> gid_t new_gid;
> int num_aux_gids;
> gid_t aux_gids[];
> }

This looks surprising like what I am doing in passing uids and pids
through unix domain sockets.

So if this looks like a direction we want to go it shouldn't be too
difficult.

>> That also btw needs fixing for other reasons - more than one daemon has
>> been written that generically uses recvmsg and so can be attacked with FD
>> leaks >-)
>
> Yup.
>
> (By 'needs fixing' you just mean needs to be done right for this
> service? Else I think I'm missing something...)

Remember my unix domain socket and the patch for converting struct cred
into a new context, from a month or so ago. I think that is what we
are talking about.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: [stable] [PATCH] tun: orphan an skb on tx"
Previous message: Farid Hammane: "[PATCH] i2c-algo-pca: fix all coding style issues in i2c-algo-pca.c"
In reply to: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Next in thread: Serge E. Hallyn: "Re: [PATCH 3/3] p9auth: add p9auth driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]