On Monday, April 03, 2006 02:08:46 PM -0500 Nicolas Williams <[EMAIL PROTECTED]> wrote:
> File descriptors in Solaris already retain a reference to the cred_t
> used to open the file. So "UID" or "PAG" is not relevant here. Neither
> is "processes with that UID or PAG." What is relevant is "references to
> that UID or PAG from cred_t instances."

Ah, yes. If open files reference the cred_t, and that has a reference to the credentials (directly or indirectly), then you're fine.

> So does Solaris. I believe one must in order to support various
> standard behaviours (e.g., file descriptor passing over IPC +
> distributed filesystems [NFS, AFS, CIFS, whatever]).

Well, you need to do full refcounting for that, which we don't. In AFS, a reference is held on a credential while it is actually being used to establish a connection, but not otherwise. It's all mark-and-sweep, because today's operating systems don't provide the sort of zero-reference notification you're talking about.

> Right. But I'd like the OS to provide a "fall to zero refcount"
> facility for either "cred_t instances referencing some UID" or "cred_t
> instances referencing some PAG."

Why "either" and not "both"? For that matter, you could also do it for references to GID's, though I don't see any particular use for that. UID's and PAG's are very nearly orthogonal. In particular, it is _not_ the case that all processes in the same PAG have the same UID - PAG membership survives things like starting SUID binaries, which we consider a feature (after all, it's part of the same session).

-- Jeff

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
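The "fall to zero refcount" facility discussed in the message above, as an added user-space sketch that is not part of the original thread and is not Solaris or AFS code. The names `cred_new`, `cred_hold`, `cred_rele`, `on_uid_zero` and `on_pag_zero` are hypothetical, and the scenario (uid 1000, PAG 7, one SUID-root child) is constructed to show why the UID and PAG notifications fire at different times.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAXID 1024                        /* assumption: small id space for the demo */
typedef struct cred { int refs, uid, pag; } cred_t;

static int uid_refs[MAXID], pag_refs[MAXID];   /* cred_t instances naming each id */
static int uid_zero_events, pag_zero_events;   /* notifications delivered so far */

/* Hypothetical hooks a credential cache manager would register. */
static void on_uid_zero(int uid) { uid_zero_events++; printf("uid %d: no cred_t left\n", uid); }
static void on_pag_zero(int pag) { pag_zero_events++; printf("pag %d: no cred_t left\n", pag); }

static cred_t *cred_new(int uid, int pag) {
    cred_t *c = malloc(sizeof *c);
    if (c == NULL) abort();
    c->refs = 1; c->uid = uid; c->pag = pag;
    uid_refs[uid]++; pag_refs[pag]++;
    return c;
}

static void cred_hold(cred_t *c) { c->refs++; }
static void cred_rele(cred_t *c) {
    if (--c->refs > 0) return;            /* still pinned, e.g. by an open file */
    if (--uid_refs[c->uid] == 0) on_uid_zero(c->uid);
    if (--pag_refs[c->pag] == 0) on_pag_zero(c->pag);
    free(c);
}

/* Constructed scenario; records both event counters after each of three steps. */
static void scenario(int uid_ev[3], int pag_ev[3]) {
    uid_zero_events = pag_zero_events = 0;
    cred_t *shell = cred_new(1000, 7);    /* login shell: uid 1000, PAG 7 */
    cred_hold(shell);                     /* open file keeps the opener's cred_t */
    cred_t *suid = cred_new(0, 7);        /* SUID-root child: new UID, same PAG */
    cred_rele(shell);                     /* shell exits; the open file still holds it */
    uid_ev[0] = uid_zero_events; pag_ev[0] = pag_zero_events;
    cred_rele(shell);                     /* file closed: last reference to uid 1000 */
    uid_ev[1] = uid_zero_events; pag_ev[1] = pag_zero_events;
    cred_rele(suid);                      /* SUID child exits: uid 0 and PAG 7 drain */
    uid_ev[2] = uid_zero_events; pag_ev[2] = pag_zero_events;
}

int main(void) {
    int u[3], p[3];
    scenario(u, p);
    for (int i = 0; i < 3; i++)
        printf("step %d: uid events=%d pag events=%d\n", i + 1, u[i], p[i]);
    return 0;
}
```

A UID-only notification would report the session finished at step 2 while the SUID child still holds PAG 7, and a mark-and-sweep collector would have to rediscover both facts by scanning.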