On Thu, Nov 3, 2011 at 3:39 PM, Trond Myklebust
<Trond.Myklebust@xxxxxxxxxx> wrote:
>> What I had in mind was something like PAGs or keyrings. Or, to be
>> much more specific, search for my name and the string "credentials
>> process groups" -- a PAG on steroids.
>>
>> The idea is that the IPC peer can observe the other's
>> PAG/keyring/CPG/whatever and use that to find the correct credentials
>> (authorization is still required though).
>
> Linux already has per-user, per-process and per-thread keyrings which
> offer a high security storage solution for keys. The problem with those
> is that they are difficult to use in an asynchronous context when the
> original user's process/thread context is no longer available to us.

For async IPC methods you'd want something like SCM_CREDENTIALS to
give you the keyring/PAG/whatever information you need about the peer.
The ancillary data should be complete enough that you can past the
client process/thread being dead, although it's nice to not have to
process a request from a dead entity...

For sync IPC you need something like door_ucred(). And for sync IPC
you can make sure to get SIGCANCEL or equivalent when the client gets
canceled (this is the default in doors).

> Ideally, though, that's what we'd like to see used.

Agreed!

Nico
--