"Serge E. Hallyn" <[email protected]> writes: > Ignoring namespaces for a moment, I guess we could do something like > > struct credentials_pass { > pid_t global_pid; > unsigned long unique_id; > uid_t new_uid; > gid_t new_gid; > int num_aux_gids; > gid_t aux_gids[]; > }
This looks surprising like what I am doing in passing uids and pids through unix domain sockets. So if this looks like a direction we want to go it shouldn't be too difficult. >> That also btw needs fixing for other reasons - more than one daemon has >> been written that generically uses recvmsg and so can be attacked with FD >> leaks >-) > > Yup. > > (By 'needs fixing' you just mean needs to be done right for this > service? Else I think I'm missing something...) Remember my unix domain socket and the patch for converting struct cred into a new context, from a month or so ago. I think that is what we are talking about. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
