On 08/01/2013 01:39 PM, David Howells wrote: > The uid is -1 or the user's own UID for the user's own cache or the uid of some > other user's cache (requires CAP_SETUID). This permits rpc.gssd or whatever to > mess with the cache. Is the goal here eventually to be able to avoid the upcall to rpc.gssd entirely? It seems a little bit roundabout to have the kernel call up into userspace for the credentials, only to talk to a process which then calls back into the kernel for something that the kernel has already well-defined internally. It seems like a non-privileged user could use this to store arbitrary data in this keyring as a way of hiding what would otherwise be filesystem activity or using it for some sort of odd/sneaky IPC mechanism. Is this an intentional side effect? Sorry if these are obvious questions. feel free to point me to already-documented answers if they exist. Thanks for all your work on this! Regards, --dkg
Attachment:
signature.asc
Description: OpenPGP digital signature
