On Tue, Feb 16, 2010 at 7:46 PM, Simon Wilkinson <[email protected]> wrote: > We're currently (on opeanfs-devel) discussing a new mechanism for storing > tokens in the kernel - this new mechanism is required to support new > security layers such as rxgk and rxk5. There have been a significant number > of posters advocating removing the 'change the PAG of my parent' feature, > which is used by aklog -setpag, amongst others. A process would still be > able to change its own PAG. > > There are numerous technical reasons for wanting to make this change. This > functionality is very difficult to implement in a cross-platform manner, > without exposing ourselves to all sorts of kernel races. On some platforms > (such as Linux) it works on some kernel versions, but not on others. Things > would be made considerably easier if this feature went away. > > Based on current developer feedback, I'm planning on removing the setpag > functionality from the new interface. However, before making the final > decision, I'm very interested in hearing the views of deployers and end > users? How many of you rely on aklog -setpag? How difficult would things be > for you if it went away in some future major release [*]? > > Thanks, > > Simon > > [*] Whilst I can't commented for the gatekeepers, I'd imagine that this kind > of thing would only change with a major release hike, and certainly not > before 1.8 given the current release plans.
There's no guarantee the feature will last that long, for precisely the reasons you cite; Indeed, we could at any time find a bug which makes it dangerous to leave enabled. However, as of this time there is no immediate plan to remove it and certainly because it would be a feature change we will leave it in 1.4 unless there's a security reason not to. At this point, whether it survives to 1.6 is still fair game. Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
