Jeffrey Hutzelman wrote: >> >> Yes, the authentication wrapper is suid root. > >So arrange for your wrapper to set a new PAG before changing its UID, and >the one-PAG-per-second limit won't apply. Then just make sure you reboot >your servers often enough to avoid rollover (at least once every 2^24 PAG's)
This is still unacceptable, because as soon as root has exceeded the one-pag-per-second based on the uptime of the host, mere mortal users will _never_ receive a pag until root stops requesting them. That doesn't work for us. Providing root a bypass on the one-pag-per-second seems fundamentally broken to me, if it means that non-uid=0 processes can get starved. I'm also concerned about your last statement, and how I validate pag-non-rollover in a verifiable manner. My guess is that most admins simply ignore it and hand-wave "Oh, that will never happen." We need stronger guarantees. Actually checking the current pag count from time to time requires very detailed knowledge of how the pag is represented in the groups, and is something that the solution we're using doesn't require. Dave _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
