[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: setpag switch for afslog?
So the question to the AFS developers is:
Is the use of the ktc_SetToken(...,setpag) to set the PAG of a parent
going to continue to be supported in the future? Or should it be deprecated?
Love wrote:
>
> Andrei Maslennikov <andrei@caspur.it> writes:
>
> > Would it be possible to support similar functionality in Heimdal
> > ("-setpag" switch, or function, or both)? It would simplify many
> > things.
>
> Yes, --setpag should be very possible. However, can the people the propose
> using this tell afs implementors that its secure to do ?
>
> I have not implemented --setpag functionality in arla because I'm not sure
> its secure. Modify the parent(s) of a process seems like a recipe for
> disaster unless its done very carefully.
As you point out this is strange, a process modifying its parent. Considering
all the discussion on Linux 2.6 kernel mods, maybe this should be dropped.
I have also seen problems with it on some systems in the past.
But it has proved to be very handy. Doing a klog -setpag user modifies the
parent shell. (I know pagsh;klog could do something similar.)
The one other place this is useful is that no AFS libs need to be linked
to a daemon which needs to set a pag. This avoids conflicts and allows
daemons to be built that can support AFS if its available. (PAM can also
address this if the daemon uses PAM.)
> Love
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444