From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andy Lutomirski <luto@amacapital.net>
Subject: Re: Thoughts on credential switching
Date: Thu, 27 Mar 2014 09:21:22 -0700
Message-ID: <CALCETrXbN1vgTNJB2UGeDvxJ+pwsqO1dOfea5Crs4As1A8dKUg@mail.gmail.com>
References: <CALCETrVyNXYaMWOyWj4gKLWVdzPrSkvv7WTBi2Aa8mYs4NKH9g@mail.gmail.com>
 <20140327004225.GA20247@sergelap> <CALCETrUtRzViEYUNev1JNFZMms56uiw47YZezak0Z0PKgFneQA@mail.gmail.com>
 <533446A7.6020003@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>,
	Jim Lieb <jlieb@panasas.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	LSM List <linux-security-module@vger.kernel.org>,
	"Serge E. Hallyn" <serge@canonical.com>,
	Kees Cook <keescook@chromium.org>,
	Linux FS Devel <linux-fsdevel@vger.kernel.org>,
	"Theodore Ts'o" <tytso@mit.edu>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	bfields@redhat.com, Jeff Layton <jlayton@redhat.com>
To: Florian Weimer <fweimer@redhat.com>
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <533446A7.6020003@redhat.com>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Thu, Mar 27, 2014 at 8:41 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 03/27/2014 02:01 AM, Andy Lutomirski wrote:
>
>> Essentially, it's a performance problem.  knfsd has override_creds,
>> and it can cache struct cred.  But userspace doing the same thing
>> (i.e. impersonating a user) has to do setresuid, setresgid, and
>> setgroups, which kills performance, since it results in something like
>> five RCU callbacks per impersonation round-trip.
>
>
> Do you mean setfsuid instead of setresuid?

No, but I should have given context.  setfsuid sucks, since its return
value is garbage.  It's also pointless nowadays, since setresuid can
be used to sanely change only the effective uid, and doing so should
be secure.

See: http://article.gmane.org/gmane.linux.kernel/1540880

--Andy