Date: Fri, 29 Mar 2002 23:16:24 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
To: John Baldwin <jhb@FreeBSD.org>
Cc: arch@FreeBSD.org
Subject: Re: curthread vs. passing thread pointers around
Message-ID: <Pine.NEB.3.96L.1020329231358.73912H-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1020329230554.73912G-100000@fledge.watson.org>

On Fri, 29 Mar 2002, Robert Watson wrote:

> For VFS, which is a special case, I'd actually like to see both
> credentials passed down the stack explicitly, meaning that worker
> threads and processes in kernel don't have to tweak their active
> credential in order to make a request on behalf of another thread or
> process (think async io, async nfs rpc activities, etc).  This actually
> suggests a model something like...

BTW, this would also address races and problems associated with files kept
open by the kernel for kernel-sponsored activities.  Right now, when the
kernel "saves" a credential for use with a saved vnode, it can't guarantee
that all access control uses the saved credential.  Some may use the
active thread credential from curthread.  For example, UFS will frequently
use curthread->td_ucred for authorization when writing out account or
quota data, which is arguably wrong.  The quota and accounting code should
cache two credentials for different parts of the access control decision,
and both of those should be explicitly different from curthread's.

This would also fix MAC and these functions, FYI :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
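
The problem described in this message, as an added illustration that is not part of the original e-mail and is not FreeBSD kernel code: a user-space C model of a quota-style writer that saved a credential, checked once against the ambient curthread credential and once against the credential passed explicitly. Apart from curthread and td_ucred, every name is hypothetical, the policy is a toy "only the owner may write" rule, and only one of the two cached credentials mentioned above is modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified model: names other than curthread/td_ucred are hypothetical. */
struct ucred  { uid_t cr_uid; };
struct thread { struct ucred *td_ucred; };
struct vnode  { uid_t v_owner; };   /* toy policy: only the owner may write */

/* Credential saved when the kernel opened the file for its own use. */
struct saved_file { struct vnode *sf_vp; struct ucred *sf_cred; };

static struct thread *curthread;    /* stands in for the kernel's curthread */

/* Ambient style: the answer depends on whichever thread happens to run. */
static bool quota_write_ambient(const struct saved_file *sf)
{
    return curthread->td_ucred->cr_uid == sf->sf_vp->v_owner;
}

/* Explicit style: the caller passes the credential that authorizes the write. */
static bool can_write(const struct ucred *cred, const struct vnode *vp)
{
    return cred->cr_uid == vp->v_owner;
}

static bool quota_write_explicit(const struct saved_file *sf)
{
    return can_write(sf->sf_cred, sf->sf_vp);
}

int main(void)
{
    /* Constructed sample data: root-owned quota file, saved root credential. */
    struct ucred root = { 0 }, user = { 1001 };
    struct thread root_td = { &root }, user_td = { &user };
    struct vnode quota_vp = { 0 };
    struct saved_file sf = { &quota_vp, &root };
    struct thread *runners[] = { &user_td, &root_td };

    /* The same write is triggered from two different running threads. */
    for (size_t i = 0; i < 2; i++) {
        curthread = runners[i];
        printf("running uid %u: ambient=%d explicit=%d\n",
            (unsigned)curthread->td_ucred->cr_uid,
            quota_write_ambient(&sf), quota_write_explicit(&sf));
    }
    return 0;
}
```

The ambient result changes with the thread that triggers the write, while the explicit result is fixed by the saved credential.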