| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Mar 2014 09:21:22 -0700 From: Andy Lutomirski <luto@...capital.net> To: Florian Weimer <fweimer@...hat.com> Cc: Serge Hallyn <serge.hallyn@...ntu.com>, Jim Lieb <jlieb@...asas.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, LSM List <linux-security-module@...r.kernel.org>, "Serge E. Hallyn" <serge@...onical.com>, Kees Cook <keescook@...omium.org>, Linux FS Devel <linux-fsdevel@...r.kernel.org>, "Theodore Ts'o" <tytso@....edu>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, bfields@...hat.com, Jeff Layton <jlayton@...hat.com> Subject: Re: Thoughts on credential switching On Thu, Mar 27, 2014 at 8:41 AM, Florian Weimer <fweimer@...hat.com> wrote: > On 03/27/2014 02:01 AM, Andy Lutomirski wrote: > >> Essentially, it's a performance problem. knfsd has override_creds, >> and it can cache struct cred. But userspace doing the same thing >> (i.e. impersonating a user) has to do setresuid, setresgid, and >> setgroups, which kills performance, since it results in something like >> five RCU callbacks per impersonation round-trip. > > > Do you mean setfsuid instead of setresuid? No, but I should have given context. setfsuid sucks, since its return value is garbage. It's also pointless nowadays, since setresuid can be used to sanely change only the effective uid, and doing so should be secure. See: http://article.gmane.org/gmane.linux.kernel/1540880 --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists