[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

[Matthew Andrews]

>
> Not really.  The user must get a file-descriptor for the key, by opening
> the file in keyfs (Requires access under keyfs permissions), or by
> receiving one from a process that sends it one.  Such a key can be
> completely revoked by the sending process at any time, and can be
> set to only provide whatever permissions are needed.
>
>> So, the "label" we use to mark connections, cached rights data, etc 
>> cannot simply be the value of the key blob.  It needs to be something 
>> the user cannot simply set to whatever he wants.
>
>
> The user can set it to whatever he wants, so long as already has it. If
> the user is never given a handle to the key, and keyfs is never mounted
> or has too-strict permissions, then he can't assign himself somebody
> else's keys.


Sure he can, if he can "guess" the value of a currently in use "pagnum"
he can join it by allocating a new key and addigning it the "guessed"
value. I guess the thing here is that "what pag the process is in" needs
to be secret with this implementation, and yet in certain cases(arlad)
one or more "priveleged" processes must know the "pagnum" value for
every process on the system(so that it can issue network requests on
that process's behalf.

-Matt

>
> Cheers,
> Kyle Moffett
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GCM/CS/IT/U d- s++: a17 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
> L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
> PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r  
> !y?(-)
> ------END GEEK CODE BLOCK------
>
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
>