Re: Thoughts on credential switching

From: Florian Weimer
Date: Thu Mar 27 2014 - 11:41:49 EST

Next message: Patrick McHardy: "Re: [PATCH] netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len"
Previous message: Hugh Dickins: "Re: mm: BUG: Bad page state in process ksmd"
In reply to: Andy Lutomirski: "Re: Thoughts on credential switching"
Next in thread: Andy Lutomirski: "Re: Thoughts on credential switching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/27/2014 02:01 AM, Andy Lutomirski wrote:

Essentially, it's a performance problem. knfsd has override_creds,
and it can cache struct cred. But userspace doing the same thing
(i.e. impersonating a user) has to do setresuid, setresgid, and
setgroups, which kills performance, since it results in something like
five RCU callbacks per impersonation round-trip.

Do you mean setfsuid instead of setresuid?

--
Florian Weimer / Red Hat Product Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Patrick McHardy: "Re: [PATCH] netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len"
Previous message: Hugh Dickins: "Re: mm: BUG: Bad page state in process ksmd"
In reply to: Andy Lutomirski: "Re: Thoughts on credential switching"
Next in thread: Andy Lutomirski: "Re: Thoughts on credential switching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]