Re: Thoughts on credential switching
From: Florian Weimer
Date: Thu Mar 27 2014 - 11:41:49 EST
On 03/27/2014 02:01 AM, Andy Lutomirski wrote:
Essentially, it's a performance problem. knfsd has override_creds,
and it can cache struct cred. But userspace doing the same thing
(i.e. impersonating a user) has to do setresuid, setresgid, and
setgroups, which kills performance, since it results in something like
five RCU callbacks per impersonation round-trip.
Do you mean setfsuid instead of setresuid?
--
Florian Weimer / Red Hat Product Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/