Re: suidpid( UID, credential? ) ? secure IPC?

Theodore Y. Ts'o (tytso@MIT.EDU)
Mon, 6 Oct 1997 12:49:48 -0400


Instead of a suidpid() call, a more general, and much more interesting
mechanism to think about creating would be a "protected shared library"
mechanism.

The basic idea is that while code in a protected shared library is
executing, it has some level of privileges which is different from when
the normal program. Jumps into a protected shared library from
the normal program are only allowed at certain "call gates", to prevent
programs from trying to spoof the library by jumping into the middle of
the routine. Naturally, any data pages used by the protected shared library
would be read protected against the unprivileged portion of the program
unless the PSL is itself actually running.

This allows you to do all sorts of very interesting things all in
userspace, without needing extra special-purpose system calls and
without requiring an IPC mechanism. It does require a kernel
context-switch to enter and leave a PSL, but if it's done properly, that
should be the only overhead.

- Ted
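A userspace sketch of the mechanism described above, added here as an illustration and not part of the original message: the PSL's data page is mapped PROT_NONE except while a PSL routine runs, and the only sanctioned entry is a gate function that maps it in, runs the routine, and maps it out again. It assumes POSIX mmap/mprotect and a SIGSEGV handler to survive the blocked read; it is only a model, since without kernel support nothing stops the unprivileged code from calling mprotect itself.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed model of a "protected shared library" (PSL): one data page
 * that is mapped PROT_NONE whenever the PSL is not running. */
static unsigned char *psl_data;
static long psl_page;
static sigjmp_buf fault_env;

/* A read of the protected page faults; unwind to the caller instead of dying. */
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Set up the PSL: allocate its data page, zero it, then read-protect it.
 * Returns 0 on success, -1 on failure. */
int psl_init(void) {
    struct sigaction sa;
    psl_page = sysconf(_SC_PAGESIZE);
    psl_data = mmap(NULL, (size_t)psl_page, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (psl_data == MAP_FAILED) return -1;
    memset(psl_data, 0, (size_t)psl_page);
    if (mprotect(psl_data, (size_t)psl_page, PROT_NONE) != 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Code living inside the PSL: it may touch psl_data because the gate mapped it. */
static int psl_routine_increment(void) { return ++psl_data[0]; }

/* The call gate: the only sanctioned entry. Map the data in, run the routine,
 * map it out again, so the page is readable only while the PSL runs. */
int psl_gate_increment(void) {
    int r;
    if (mprotect(psl_data, (size_t)psl_page, PROT_READ | PROT_WRITE) != 0) return -1;
    r = psl_routine_increment();
    if (mprotect(psl_data, (size_t)psl_page, PROT_NONE) != 0) return -1;
    return r;
}

/* The unprivileged part of the program reading PSL data directly, bypassing
 * the gate. Returns the byte if readable, -1 if the access faulted. */
int unprivileged_peek(void) {
    if (sigsetjmp(fault_env, 1) != 0) return -1;
    return psl_data[0];
}
```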