This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Re: dumb question


Hello!

> > The BSD implementation ignores what the sender passed in and supplies
> > the receiver with the pid, the real and effective uid, the real and
> > effective gid, and the first 15 entries in the supplementary groups
> > list.
> 
> Well we actually wrote it first so blah 8) 

Alas, the first was SunOS-5.

> The BSD implementation of group passing seems to be nice
> 
> > So: would the kernel people be willing to change SCM_CREDENTIALS to
> > work the BSD way?  I don't think the Linux way has any installed base
> > of user code to speak of.
> 
> You need to ask Alexey <kuznet@ms2.inr.ac.ru>. It looks good to me. Since
> we have no standard and they have a better design IMHO I think we should
> bite the bullet on this one for the good of unix security in general.
> 
> (Alexey if you think this is OK I'll do the changes)

I do not think that it is OK.

About group IDs: it sounds good, but there is one technical
problem here. Our implementation ALWAYS stores credentials and
we have no room for storing group ids and, in any case,
it would be too expensive. Besides that, I found no useful
applications for it. 8) At least, the original inventor (Solaris)
uses only euid, even gid is not used. And the reasons for this
are clear, see below.

About the BSD variant. I thought for a pretty long time
before I chose this variant with only ONE uid and
only ONE gid and a chance for the user to select one
from the set of allowed values (*id,s*id,e*id).
I still believe it was the correct decision.

Do not forget also that unix group ids and differences
between uid/suid/euid etc. are almost nonsense in a networked
environment. If we want good security, we will use "principals"
and access lists in any case. Sure, suppl. groups are much faster
when used inside a host, but their real value in a networked
cluster is zero, so I see no reason to rely on
them even locally.

>                    I don't think the Linux way has any installed base
> of user code to speak of.

8)8) Zack, all this base is our cluster. For me, it is the most
important place to speak of, if not the only one.
It's a joke, a joke 8)8) Though, you should understand I have no desire
to recompile all the things.

Alexey
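
Added example, not part of the original message and not glibc or kernel code: the Linux SCM_CREDENTIALS model described above (one pid, one uid, one gid, with the sender choosing among its real, effective and saved ids and the kernel checking the choice), exercised over a socketpair. It assumes a current Linux kernel and Python 3's `socket` module; the function names are hypothetical.

```python
import os
import socket
import struct

# Layout of struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid;
UCRED = struct.Struct("iII")


def exchange_creds(pid, uid, gid):
    """Send one byte with explicit SCM_CREDENTIALS and return the
    (pid, uid, gid) tuple the receiver is handed by the kernel."""
    tx, rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        # The receiver must opt in, otherwise no credentials are delivered.
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        claim = UCRED.pack(pid, uid, gid)
        # sendmsg fails here if the kernel rejects the claimed ids.
        tx.sendmsg([b"x"], [(socket.SOL_SOCKET, socket.SCM_CREDENTIALS, claim)])
        _, ancdata, flags, _ = rx.recvmsg(1, socket.CMSG_SPACE(UCRED.size))
        if flags & socket.MSG_CTRUNC:
            raise RuntimeError("control data truncated")
        for level, ctype, data in ancdata:
            if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
                return UCRED.unpack(data[:UCRED.size])
        raise RuntimeError("no SCM_CREDENTIALS received")
    finally:
        tx.close()
        rx.close()


def claim_accepted(pid, uid, gid):
    """True if the kernel lets this process send the given ids."""
    try:
        return exchange_creds(pid, uid, gid) == (pid, uid, gid)
    except OSError:  # normally EPERM for ids the sender does not hold
        return False


def selectable_ids():
    """Try each of the real, effective and saved id pairs in turn."""
    pairs = zip(os.getresuid(), os.getresgid())
    return [((u, g), claim_accepted(os.getpid(), u, g)) for u, g in pairs]


if __name__ == "__main__":
    for (u, g), ok in selectable_ids():
        print(f"uid={u} gid={g} accepted={ok}")
    # An unprivileged sender claiming uid 0 is refused by the kernel.
    print("claim uid 0:", claim_accepted(os.getpid(), 0, os.getegid()))
```

The receiver never sees supplementary groups in this model, so any authorization decision it makes rests on the single uid/gid pair that passed the kernel's check.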

