Re: [PATCH] Initial support for struct vfs_cred [0/1]

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Luca Barbieri <ldb@ldb.ods.org>
To: Jan Harkes <jaharkes@cs.cmu.edu>
Cc: Linux-Kernel ML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Initial support for struct vfs_cred   [0/1]
Date: 09 Sep 2002 13:17:45 +0200	[thread overview]
Message-ID: <1031570265.16159.130.camel@ldb> (raw)
In-Reply-To: <20020909062223.GA19766@ravel.coda.cs.cmu.edu>

[-- Attachment #1: Type: text/plain, Size: 2147 bytes --]

On Mon, 2002-09-09 at 08:22, Jan Harkes wrote: 
> On Mon, Sep 09, 2002 at 12:04:03AM +0200, Luca Barbieri wrote:
> > > Now if this is a multithreaded application that does this in one thread
> > > and another thread happens to open a completely unrelated file around
> > > the time that the first thread drops this application's setuid
> > > permissions. If we don't use a copy during the open upcall, but copy it
> > > after the fact, we don't have the correct permissions around the time
> > > the file is closed.
> > You would copy them during the filesystem open.
> > My point was that in the generic vfs open there is no need to use copied
> > credentials so credentials copying can be restricted to network
> > filesystems with not-very-good designs.
> > 
> > > > BTW, imho a correctly designed network filesystem should have a single
> > > > stateful encrypted connection (or a pool of equally authenticated ones)
> > > > and credentials (i.e. passwords) should only be passed when the user
> > > > makes the first filesystem access. After that the server should do
> > > > authentication with the OR of all credentials received and the client
> > > > kernel should further decide whether it can give access to a particular
> > > > user.
> > > 
> > > Right, which is pretty close to what Coda does.
> > This is in contradiction with your statement about credentials sent
> > during close.
> 
> How so, Coda has a pool of authenticated connections per user. But the
> userspace cachemanager still needs to know which user performed the
> operation in order to pick the right connection to send the message.
> 
> If user A opens a file and then user B writes/closes it, should it send
> the write/close message over the authenticated connection of user B?
> Ofcourse not, so we need to store the credentials of the opener with the
> file.
My point is that all users should be authenticated on all connections.
You may have to remember which connection was used to open the file, but
it's probably much better to design the protocol so that this isn't
necessary: this would allow efficient load balancing with per-cpu or
per-nic connections.


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

next prev parent reply	other threads:[~2002-09-09 11:13 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-08-31 16:32 [PATCH] Initial support for struct vfs_cred [0/1] Trond Myklebust
2002-08-31 18:57 ` Luca Barbieri
2002-08-31 19:36   ` Linus Torvalds
2002-08-31 19:38     ` Luca Barbieri
2002-08-31 22:30       ` Trond Myklebust
2002-08-31 23:13         ` Luca Barbieri
2002-09-01 13:03           ` Trond Myklebust
2002-09-01 14:10             ` Trond Myklebust
2002-09-01 14:20               ` Luca Barbieri
2002-09-01 16:40                 ` Trond Myklebust
2002-09-01 18:54                   ` Luca Barbieri
2002-09-01 19:40                     ` Trond Myklebust
2002-09-01 21:34                       ` Luca Barbieri
2002-09-01 21:56                         ` Trond Myklebust
2002-09-01 22:50                           ` Luca Barbieri
     [not found]                             ` <20020903034607.GF29452@ravel.coda.cs.cmu.edu>
2002-09-08 22:04                               ` Luca Barbieri
2002-09-09  6:22                                 ` Jan Harkes
2002-09-09 11:17                                   ` Luca Barbieri [this message]
2002-09-01 14:33             ` Luca Barbieri
2002-09-01 16:38               ` Trond Myklebust
2002-09-01 18:42                 ` Luca Barbieri
2002-09-01 19:25                   ` Trond Myklebust
2002-09-01 21:36                     ` Luca Barbieri
2002-09-01 15:15           ` Daniel Phillips
2002-09-01 15:35             ` Luca Barbieri
2002-08-31 19:51 ` Luca Barbieri

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1031570265.16159.130.camel@ldb \
    --to=ldb@ldb.ods.org \
    --cc=jaharkes@cs.cmu.edu \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox