On Mon, Apr 03, 2006 at 05:04:00PM -0400, Jeffrey Hutzelman wrote: > On Monday, April 03, 2006 02:08:46 PM -0500 Nicolas Williams > <[EMAIL PROTECTED]> wrote: > >Right. But I'd like the OS to provide a "fall to zero refcount" > >facility for either "cred_t instances referencing some UID" or "cred_t > >instances referencing some PAG." > > Why "either" and not "both"? For that matter, you could also do it for > references to GID's, though I don't see any particular use for that.
OK. > UID's and PAG's are very nearly orthogonal. In particular, it is _not_ the > case that all processes in the same PAG have the same UID - PAG membership > survives things like starting SUID binaries, which we consider a feature > (after all, it's part of the same session). But you may want to place access controls on PAG associations. Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
