lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20131016224248.GQ13318@ZenIV.linux.org.uk>
Date:	Wed, 16 Oct 2013 23:42:48 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Jim Lieb <jlieb@...asas.com>
Cc:	tytso@....edu, viro@...iv.linux.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, bfields@...hat.com,
	jlayton@...hat.com
Subject: Re: [PATCH 1/3] switch_creds:  Syscall to switch creds for file
 server ops

On Wed, Oct 16, 2013 at 03:01:57PM -0700, Jim Lieb wrote:
> File servers must do some operations with the credentials of
> their client.  This syscall switches the key credentials similar
> to nfsd_setuser() in fs/nfsd/auth.c  with the capability of retaining a
> handle to the credentials by way of an fd for an open anonymous file.
> This makes switching for subsequent operations for that client more efficient.

	Yet Another Untyped Multiplexor.  Inna bun.  Onna stick.
CMOT Dibbler special...

	Switching creds to those of opener of given file descriptor
is fine, but in any realistic situation you'll get all the real win
from that - you should cache those fds (which you seem to do), and
then setuid/etc. is done once per cache miss.  Making the magical
"set them all at once" mess (complete with non-trivial structure,
32/64bit compat, etc.) pointless.  Moreover, you don't need any magic
files at all - just set the creds and open /dev/null and there's your fd.
With proper creds associated with it.  While we are at it, just _start_
with opening /dev/null.  With your initial creds.  Voila - revert is
simply switch to that fd's creds.

	IOW, you really need only one syscall:

SYSCALL_DEFINE1(switch_cred, int, fd)
{
	struct fd f = fdget(fd);
	if (!f.file)
		return -EBADF;
	put_cred(override_creds(f.file->f_cred);
	fdput(f);
	return 0;
}

and that's all there is to it.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ