
Re: MEMORY credential cache interop between Heimdal and MIT?

Michael B Allen wrote:
>>> If
>>> descriptor inheritance is used, descriptors are not inherited across
>>> execv which breaks Henry's "admin window" scenario.
>> Nonsense. Descriptors are only closed if they are explicitly set to Close-on-Exec.
> True. I don't know what I was thinking.
> But using a file backed mapping is still no better than a disk file
> ccache. You would have to use an anonymous mapping to protect the storage
> from non-descendant processes.

Sure, using an anonymous mapping can easily be done if you want that 
protection. I think there are cases where such protection is unnecessary, as 
long as only the owner of the file can open it.

Anyway, the notion of a kernel driver to solve this problem is definitely 
overkill. You can get the same functionality in purely user-level code.
E.g., write a ccache daemon that listens on a Unix domain socket. When a client 
attaches to the socket, the daemon uses getpeereid() (or its equivalent) to 
determine the uid/gid/pid of the client. To create a cache, the client creates 
an anonymous mapping and sends the descriptor to the daemon. To access a cache, 
the daemon passes a descriptor back to the client. The daemon can then 
implement whatever policies you like re: whether only related processes can use 
a cache, or whether arbitrary processes with the same uid, or whatever. This 
avoids the problem of inheritance past a child process that closes all its 
descriptors. (Although it's likely that a process that goes to the trouble of 
closing all its descriptors probably doesn't want any ccache to be inherited in 
the first place.)
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
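
The user-level design sketched in the reply above (a daemon on a Unix domain socket, peer identification, and a credential cache that lives only in an anonymous mapping whose descriptor is passed back and forth), written out as an added example. This is not Heimdal, MIT or OpenLDAP code: it assumes Linux, uses memfd_create() for the anonymous backing and SO_PEERCRED as the getpeereid() equivalent, and runs both "client" and "daemon" ends in one process over socketpair() so it is self-contained. The daemon policy shown is the simplest one mentioned in the thread: any peer with the same uid may use the cache.

```c
/* Added example: ccache daemon pattern from the thread (hypothetical, Linux). */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Send one descriptor as SCM_RIGHTS ancillary data; 0 on success, -1 on error. */
static int send_fd(int sock, int fd)
{
    char byte = 0;                        /* SCM_RIGHTS needs at least one data byte */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the new local fd number or -1. */
static int recv_fd(int sock)
{
    char byte;
    int fd;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Daemon-side policy: peer must run as our uid. SO_PEERCRED is the Linux
 * equivalent of getpeereid(); the kernel fills in uid/gid/pid of the peer. */
static int peer_allowed(int sock)
{
    struct ucred cr;
    socklen_t len = sizeof cr;
    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0) return -1;
    return cr.uid == getuid() ? 0 : -1;
}

/* Round trip: client creates the anonymous cache and writes `marker` into it,
 * sends the fd to the daemon; the daemon checks the peer and hands a descriptor
 * back; the client maps what it got back and copies the contents into `out`.
 * Returns 0 on success (out NUL-terminated), -1 on any failure. */
int ccache_roundtrip(const char *marker, char *out, size_t outlen)
{
    int sv[2], cache = -1, held = -1, got = -1, rc = -1;
    char *p = MAP_FAILED;
    struct stat a, b;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;

    /* client: anonymous, never-linked memory, so there is no path to open */
    cache = memfd_create("ccache", MFD_CLOEXEC);
    if (cache < 0 || ftruncate(cache, 4096) < 0) goto out;
    if (pwrite(cache, marker, strlen(marker) + 1, 0) < 0) goto out;
    if (send_fd(sv[0], cache) < 0) goto out;

    /* daemon: take the fd, identify the peer, apply policy, pass it back */
    if ((held = recv_fd(sv[1])) < 0) goto out;
    if (peer_allowed(sv[1]) < 0) goto out;
    if (send_fd(sv[1], held) < 0) goto out;

    /* client: a fresh fd number referring to the same open file (same inode) */
    if ((got = recv_fd(sv[0])) < 0) goto out;
    if (fstat(cache, &a) < 0 || fstat(got, &b) < 0 || a.st_ino != b.st_ino) goto out;
    p = mmap(NULL, 4096, PROT_READ, MAP_SHARED, got, 0);
    if (p == MAP_FAILED) goto out;
    snprintf(out, outlen, "%s", p);
    rc = 0;
out:
    if (p != MAP_FAILED) munmap(p, 4096);
    if (got >= 0) close(got);
    if (held >= 0) close(held);
    if (cache >= 0) close(cache);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    char buf[64];
    int rc = ccache_roundtrip("ticket bytes (constructed)", buf, sizeof buf);
    printf("%s%s\n", rc == 0 ? "daemon returned cache: " : "failed", rc == 0 ? buf : "");
    return rc == 0 ? 0 : 1;
}
```

Because the cache is reached only through a descriptor obtained from the daemon, a child that closes all its descriptors simply asks the daemon again, and whether it gets one is the daemon's policy decision rather than an accident of inheritance; the MFD_CLOEXEC flag on the client's own copy makes the same point for execv.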