Re: In-kernel Authentication Tokens (PAGs)

From: Chris Wright
Date: Tue Jun 15 2004 - 17:30:25 EST

Next message: Chris Wright: "[PATCH] fix simple_strtoul base 16 handling"
Previous message: Jeff Garzik: "Re: calling kthread_create() from interrupt thread"
In reply to: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* David Howells (dhowells@xxxxxxxxxx) wrote:
> You might want to look at this patch. It's what I've come up with to support
> kafs, but it's general, and should work for anything. It's been built along
> Linus's guidelines, and has Linus's approval, contingent on something actually
> using it fully.
>
> You can use the session keyring number as a PAG ID if you wish.
>
> I've a sample aklog program (key submission) should you be interested.

I'd be intereseted. BTW, I just took a brief look and had a quick
question.

> + if (bprm->e_uid != current->uid)
> + suid_keys(current);
> + exec_keys(current);
> +

would the security module be expected update/revoke keys if the thing changes
security domains on exec?

> task_lock(current);
> unsafe = unsafe_exec(current);
> security_bprm_apply_creds(bprm, unsafe);

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "[PATCH] fix simple_strtoul base 16 handling"
Previous message: Jeff Garzik: "Re: calling kthread_create() from interrupt thread"
In reply to: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]