From: torvalds@transmeta.com (Linus Torvalds)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2.5.30+] Fourth attempt at a shared credentials patch
Date: Fri, 9 Aug 2002 21:15:20 +0000 (UTC)
Message-ID: <aj1bd8$ipm$1@penguin.transmeta.com>
In-Reply-To: 55560000.1028921049@baldur.austin.ibm.com

In article <55560000.1028921049@baldur.austin.ibm.com>,
Dave McCracken  <dmccr@us.ibm.com> wrote:
>
>--On Thursday, August 08, 2002 11:55:05 PM +0200 Trond Myklebust
><trond.myklebust@fys.uio.no> wrote:
>
>> What if one thread is doing an RPC call while the other is changing
>> the 'groups' entry?
>
>Gah.  Good point.  Ok, I've added locking to the cred structure to handle
>this.

Please don't do this with locking, I really think the right thing to do
is to have a "duplicate()" function, and when you pass credentials off
to something, you dup them at that point.

If you start off as non-root, and then execve suid into root, a pending
NFS request should _not_ suddenly have the credentials changed under
it. Yet clearly that kind of thing can't just be locked either.

Along with copy-on-write semantics, this should perform perfectly well
(ie "duplicate()" would only increment a count, and then setuid() would
have to have code something like

	if (cred->count > 1) {
		newcred = alloc_cred();
		copy_cred(newcred, cred);
		for_each_cred_group(p) {
			p->cred = newcred;
			atomic_inc(&newcred->count);
			putcred(cred);
		}
	}

instead.

		Linus
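
The copy-on-write scheme sketched in the message above, as an added single-threaded userspace model in C (not code from this thread or from the kernel). The names cred_alloc, cred_dup, cred_put and group_setuid, the plain int refcount and the uid values are assumptions made for illustration; it shows that a reference handed to a pending request keeps the old uid after the task group changes to uid 0.

```c
#include <stdio.h>
#include <stdlib.h>

/* Single-threaded userspace model; names are illustrative, not kernel API. */
struct cred { int count; unsigned uid; };
struct task { struct cred *cred; };

static struct cred *cred_alloc(unsigned uid)
{
	struct cred *c = malloc(sizeof(*c));
	if (!c) abort();
	c->count = 1;
	c->uid = uid;
	return c;
}
/* "duplicate()": take another reference, no copy is made. */
static struct cred *cred_dup(struct cred *c) { c->count++; return c; }
static void cred_put(struct cred *c) { if (--c->count == 0) free(c); }

/* setuid for a group of n tasks that share one cred. */
static void group_setuid(struct task *grp, int n, unsigned uid)
{
	struct cred *old = grp[0].cred;
	if (old->count > 1) {		/* shared: copy before writing */
		struct cred *nc = cred_alloc(old->uid);
		for (int i = 0; i < n; i++) {
			grp[i].cred = cred_dup(nc);
			cred_put(old);	/* group member lets go of the old cred */
		}
		cred_put(nc);		/* drop the allocation reference */
	}
	grp[0].cred->uid = uid;		/* only the group's cred is written */
}

/* Returns 1 if a request started as uid 1000 still sees 1000 after setuid(0). */
static int pending_request_keeps_uid(void)
{
	struct task grp[2];
	grp[0].cred = cred_alloc(1000);			/* constructed sample uid */
	grp[1].cred = cred_dup(grp[0].cred);
	struct cred *req = cred_dup(grp[0].cred);	/* handed to the request */
	group_setuid(grp, 2, 0);
	int ok = req->uid == 1000 && grp[0].cred == grp[1].cred &&
		 grp[1].cred->uid == 0;
	cred_put(req);
	cred_put(grp[0].cred);
	cred_put(grp[1].cred);
	return ok;
}
int main(void) { printf("%d\n", pending_request_keeps_uid()); return 0; }
```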
