Re: In-kernel Authentication Tokens (PAGs)

From: Kyle Moffett
Date: Wed Jul 07 2004 - 20:31:13 EST


On Jul 07, 2004, at 14:54, John Bucy wrote:
(1) processes with different UIDs can share the same keyring EX: I
have AFS creds (krb5 tickets) and want to run a setuid binary with
my creds.

This is relatively simple under our proposed system. Multiple
processes can be attached to a single keyring, and then the access
rights on the keyring control the processes control over it. Since
keys and keyrings are represented by file descriptors, there are two
ways to gain access to a key/keyring, via a duplicate of the file
descriptor (revokable), or (with sufficient privileges) opening a new
file descriptor using the keyringfs filesystem.

(2) a number of processes with the same UID can opt not to share
the same keyring. EX: I want to have a bunch of xterms some with
administrative rights and some with normal rights.

This is equally easy. There are several attachment points for keys
and keyrings:
thread
process
process group
session
UID
GID

If you have two processes, and you want to create keys in one that
are inaccessible in the other, then just create a new keyring tied to
the "process" attachment point in the first process, and embed the
original process key-ring in it. Then you can add administrative
keys to the new keyring, without completely giving up the old one:

EX:
I am an AFS admin in CELL1, but not in CELL2, and have
different accounts in each. I have all my process' key-ring pointers
the same, a shared key-ring in which I have my user@CELL1 and
user@CELL2 keys. Later I decide to do admin work in CELL1,
except I still need access to some of my files in CELL2, so in one
of my shells, I run "key-sh" or something to get a new shell with a
local process key-ring (It has as a child the original shared ring).
Once I have that shell, I can add my CELL1 admin keys normally.
When AFS searches for CELL1 keys it finds them in the topmost
key-ring, stops, and uses the admin ones. When is searches for
my CELL2 keys, it goes down to the shared key-ring to find them.

Cheers,
Kyle Moffett

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a17 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r !y?(-)
------END GEEK CODE BLOCK------


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/