[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: setpag switch for afslog?



So the question to the AFS developers is:

   Is the use of the ktc_SetToken(...,setpag) to set the PAG of a parent 
   going to continue to be supported in the future? Or should it be deprecated?

Love wrote:
> 
> Andrei Maslennikov <andrei@caspur.it> writes:
> 
> > Would it be possible to support similar functionality in Heimdal
> > ("-setpag" switch, or function, or both)? It would simplify many
> > things.
> 
> Yes, --setpag should be very possible. However, can the people the propose
> using this tell afs implementors that its secure to do ?
> 
> I have not implemented --setpag functionality in arla because I'm not sure
> its secure. Modify the parent(s) of a process seems like a recipe for
> disaster unless its done very carefully.

As you point out this is strange, a process modifying its parent. Considering
all the discussion on Linux 2.6 kernel mods, maybe this should be dropped. 
I have also seen problems with it on some systems in the past. 

But it has proved to be very handy. Doing a klog -setpag user modifies the
parent shell. (I know pagsh;klog could do something similar.)

The one other place this is useful is that no AFS libs need to be linked
to a daemon which needs to set a pag. This avoids conflicts and allows
daemons to be built that can support AFS if its available. (PAM can also
address this if the daemon uses PAM.)


 

> Love
> 
>   ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>    Part 1.2Type: application/pgp-signature

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444