Re: MEMORY credential cache interop between Heimdal and MIT?

Howard Chu wrote:
> Michael B Allen wrote:
>> But using a file backed mapping is still no better than a disk file
>> ccache. You would have to use an anonymous mapping to protect the storage
>> from non-descendant processes.

> Anyway, the notion of a kernel driver to solve this problem is definitely 
> overkill. You can get the same functionality in purely user-level code.

Of course there's a flaw in both this daemon idea and in Michael's ioctl idea - 
if a process's parent exits, the child becomes owned by process 1, so you can't 
rely on walking up the process tree to find a parent ccache. The only sure 
thing is descriptor inheritance, and that only works if a particular process 
doesn't stomp on the descriptor before spawning any children.
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
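
The reparenting behaviour and descriptor inheritance discussed in the message above, as an added example that is not part of the original post or of any Kerberos library. The function name, the temporary path and the sample bytes are assumptions made for illustration, and an unlinked temporary file stands in for the cache storage.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Constructed sample bytes standing in for a credential cache. */
static const char BLOB[] = "constructed-ccache-bytes";

/* Bitmask reported by the orphaned grandchild: bit 0 = its parent pid
 * changed after the middle process exited, bit 1 = it still read BLOB
 * through the inherited descriptor. Returns -1 on setup failure. */
int orphan_check(void)
{
    char path[] = "/tmp/ccdemoXXXXXX";   /* hypothetical name */
    int res[2], cc = mkstemp(path);
    if (cc < 0 || pipe(res) < 0) return -1;
    unlink(path);              /* nameless: reachable only through cc */
    if (write(cc, BLOB, sizeof BLOB) != (ssize_t)sizeof BLOB) return -1;

    pid_t mid = fork();
    if (mid < 0) return -1;
    if (mid == 0) {            /* middle process */
        pid_t me = getpid();
        if (fork() != 0) _exit(0);   /* exit at once, orphaning the child */
        close(res[0]);
        struct timespec ms = {0, 1000000};
        for (int i = 0; getppid() == me && i < 5000; i++)
            nanosleep(&ms, NULL);    /* wait for reparenting */
        char buf[sizeof BLOB] = {0}, out = 0;
        if (getppid() != me) out |= 1;
        if (pread(cc, buf, sizeof buf, 0) == (ssize_t)sizeof buf &&
            memcmp(buf, BLOB, sizeof buf) == 0) out |= 2;
        if (write(res[1], &out, 1) != 1) _exit(1);
        _exit(0);
    }
    close(res[1]);
    waitpid(mid, NULL, 0);
    char out = 0;
    ssize_t n = read(res[0], &out, 1);   /* blocks until grandchild reports */
    close(res[0]);
    close(cc);
    return n == 1 ? out : -1;
}

int main(void) { return orphan_check() == 3 ? 0 : 1; }
```

A result of 3 means the grandchild lost its original parent yet still reached the storage through the descriptor it inherited; closing or reusing that descriptor number before the fork would clear bit 1.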