[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MEMORY credential cache interop between Heimdal and MIT?
Michael B Allen wrote:
>>> descriptor inheritance is used, descriptors are not inherited across
>>> execv which breaks Henry's "admin window" scenario.
>> Nonsense. Descriptors are only closed if they are explicitly set to Close-on-Exec.
> True. I don't know what I was thinking.
> But using a file backed mapping is still no better than a disk file
> ccache. You would have to use an anonymous mapping to protect the storage
> from non-decendent processes.
Sure, using an anonymous mapping can easily be done if you want that
protection. I think there are cases where such protection is unnecessary, as
long as only the owner of the file can open it.
Anyway, the notion of a kernel driver to solve this problem is definitely
overkill. You can get the same functionality in purely user-level code.
E.g., write a ccache daemon that listens on a Unix domain socket. When a client
attaches to the socket, the daemon uses getpeereid() (or its equivalent) to
determine the uid/gid/pid of the client. To create a cache, the client creates
an anonymous mapping and sends the descriptor to the daemon. To access a cache,
the daemon passes a descriptor back to the client. The daemon can then
implement whatever policies you like re: whether only related processes can use
a cache, or whether arbitrary processes with the same uid, or whatever. This
avoids the problem of inheritance past a child process that closes all its
descriptors. (Although it's likely that a process that goes to the trouble of
closing all its descriptors probably doesn't want any ccache to be inherited in
the first place.)
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/