[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

Tomas Olsson tol@stacken.kth.se
15 Jul 2004 11:57:36 +0200


Jeffrey Hutzelman <jhutz@cmu.edu> writes:
> Personally, I don't consider the inability to go back to the default
> UID pag to be a deliberate feature; it's just a side-effect of the way
> we implement PAG's (by making it so that setgroups always preserves a
> PAG) combined with the lack of any sort of switch-to-this-PAG
> operation.
> 
Love said:
  "convince me that dropping it doesn't introduce security problems".

If default PAGs are by uid, it might be possible to use root's PAG after
saying "default, please" and calling smth setuid. If the default is PAM
managed somehow, that's not a problem, and we end up with a proper jail?

Do we want the switch-to-this-PAG thing?

/Tomas