Re: MEMORY credential cache interop between Heimdal and MIT?
Michael B Allen wrote:
>>> If
>>> descriptor inheritance is used, descriptors are not inherited across
>>> execv which breaks Henry's "admin window" scenario.
>> Nonsense. Descriptors are only closed if they are explicitly set to Close-on-Exec.
>
> True. I don't know what I was thinking.
>
> But using a file backed mapping is still no better than a disk file
> ccache. You would have to use an anonymous mapping to protect the storage
> from non-descendant processes.
Sure, using an anonymous mapping can easily be done if you want that
protection. I think there are cases where such protection is unnecessary, as
long as only the owner of the file can open it.
Anyway, the notion of a kernel driver to solve this problem is definitely
overkill. You can get the same functionality in purely user-level code.
E.g., write a ccache daemon that listens on a Unix domain socket. When a client
attaches to the socket, the daemon uses getpeereid() (or its equivalent) to
determine the uid/gid/pid of the client. To create a cache, the client creates
an anonymous mapping and sends the descriptor to the daemon. To access a cache,
the daemon passes a descriptor back to the client. The daemon can then
implement whatever policies you like re: whether only related processes can use
a cache, or whether arbitrary processes with the same uid, or whatever. This
avoids the problem of inheritance past a child process that closes all its
descriptors. (Although it's likely that a process that goes to the trouble of
closing all its descriptors probably doesn't want any ccache to be inherited in
the first place.)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/