Michael B Allen wrote:
>> If descriptor inheritance is used, descriptors are not inherited across
>> execv which breaks Henry's "admin window" scenario.
>
> Nonsense. Descriptors are only closed if they are explicitly set to
> Close-on-Exec.

True. I don't know what I was thinking.

> But using a file backed mapping is still no better than a disk file
> ccache. You would have to use an anonymous mapping to protect the storage
> from non-descendant processes.

Sure, using an anonymous mapping can easily be done if you want that protection. I think there are cases where such protection is unnecessary, as long as only the owner of the file can open it.

Anyway, the notion of a kernel driver to solve this problem is definitely overkill. You can get the same functionality in purely user-level code. E.g., write a ccache daemon that listens on a Unix domain socket. When a client attaches to the socket, the daemon uses getpeereid() (or its equivalent) to determine the uid/gid/pid of the client. To create a cache, the client creates an anonymous mapping and sends the descriptor to the daemon. To access a cache, the daemon passes a descriptor back to the client. The daemon can then implement whatever policies you like re: whether only related processes can use a cache, or whether arbitrary processes with the same uid, or whatever. This avoids the problem of inheritance past a child process that closes all its descriptors. (Although it's likely that a process that goes to the trouble of closing all its descriptors probably doesn't want any ccache to be inherited in the first place.)
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
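The user-level design sketched above, as an added illustration that is not code from this thread or from OpenAFS/Symas: a client creates an anonymous memory object with a descriptor, hands it to a "daemon" over a Unix socket with SCM_RIGHTS, the daemon learns the peer's kernel-asserted uid/pid (Linux SO_PEERCRED, the equivalent of BSD getpeereid()) and applies a same-uid policy before handing the descriptor back. Both sides run in one process over a socketpair so it executes stand-alone; memfd_create(), MSG_CMSG_CLOEXEC, the 4096-byte cache size, the "krb5cc" name and the sample ticket bytes are all assumptions of this example, not details from the discussion.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/types.h>

#define CACHE_SIZE 4096   /* constructed size for the example cache */

/* Pass one descriptor over a Unix socket (SCM_RIGHTS). Returns 0 on success. */
static int send_fd(int sock, int fd) {
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg = {0};
    msg.msg_iov = &iov;          msg.msg_iovlen = 1;
    msg.msg_control = cbuf;      msg.msg_controllen = sizeof cbuf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; MSG_CMSG_CLOEXEC keeps it from leaking across exec. */
static int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = {0};
    msg.msg_iov = &iov;          msg.msg_iovlen = 1;
    msg.msg_control = cbuf;      msg.msg_controllen = sizeof cbuf;
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof fd);
    return fd;
}

/* Kernel-asserted identity of the peer: Linux SO_PEERCRED (getpeereid on BSD). */
static int peer_identity(int sock, uid_t *uid, pid_t *pid) {
    struct ucred cr;
    socklen_t len = sizeof cr;
    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0) return -1;
    *uid = cr.uid;
    *pid = cr.pid;
    return 0;
}

/* Client creates the cache, daemon checks the peer and hands it back, client
   maps the returned descriptor and copies the contents into out.
   Returns 0 on success, -2 if the daemon's uid policy rejects the peer. */
int ccache_roundtrip(const char *ticket, char *out, size_t outlen) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    int client = sv[0], daemon = sv[1];

    /* Client side: anonymous memory that still has a descriptor to pass. */
    int cache = memfd_create("krb5cc", MFD_CLOEXEC);
    if (cache < 0 || ftruncate(cache, CACHE_SIZE) < 0) return -1;
    char *map = mmap(NULL, CACHE_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, cache, 0);
    if (map == MAP_FAILED) return -1;
    strncpy(map, ticket, CACHE_SIZE - 1);
    munmap(map, CACHE_SIZE);
    if (send_fd(client, cache) < 0) return -1;
    close(cache);

    /* Daemon side: identify the peer first, then apply the policy. */
    uid_t uid; pid_t pid;
    if (peer_identity(daemon, &uid, &pid) < 0) return -1;
    int stored = recv_fd(daemon);
    if (stored < 0) return -1;
    if (uid != getuid()) { close(stored); return -2; }   /* same-uid policy */
    if (send_fd(daemon, stored) < 0) return -1;
    close(stored);

    /* Client side again: map the descriptor the daemon handed back. */
    int got = recv_fd(client);
    if (got < 0) return -1;
    char *view = mmap(NULL, CACHE_SIZE, PROT_READ, MAP_SHARED, got, 0);
    if (view == MAP_FAILED) return -1;
    strncpy(out, view, outlen - 1);
    out[outlen - 1] = '\0';
    munmap(view, CACHE_SIZE);
    close(got); close(client); close(daemon);
    return 0;
}

int main(void) {
    char buf[64];
    int rc = ccache_roundtrip("constructed ticket bytes", buf, sizeof buf);
    printf("rc=%d cache=\"%s\"\n", rc, buf);
    return rc == 0 ? 0 : 1;
}
```

The policy point is in the daemon half: because the credentials come from the kernel via the socket rather than from anything the client sends, the daemon can decide per request whether a same-uid process, or only a related process (using the pid), gets a descriptor, and nothing is inherited by a child that has closed its descriptors.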
_______________________________________________
OpenAFS-devel mailing list
https://lists.openafs.org/mailman/listinfo/openafs-devel