[OpenAFS-devel] Unprotected PAGs

Russ Allbery rra@stanford.edu
Wed, 21 Sep 2005 12:04:16 -0700


Alexander Boström <abo@e.kth.se> writes:

> I like my PAGs unprotected. That is, without the setgroups wrapper. So I
> wrote a patch (attached) that adds an option to libafs to turn off the
> syscall table changes. I'd be happy to see it included in the official
> distribution.

Could you make this an afsd startup option?  There's an open bug in Debian
that would be at least partially addressed by letting people run AFS in
this mode (someone asking for a way to escape PAGs), but compile-time
options are a real pain for distributions.  We can't really ship multiple
versions built with different options easily.

> Getting out of a PAG can be useful sometimes, for example when starting
> daemons.

> If httpd is allowed to, it will break out of the PAG (if started from a
> PAG:d shell). That means that the problem of getting into the same PAG
> as httpd disappears, which makes it possible to use cron to update the
> token for the httpd user.

Yeah, there are some definite advantages to running web servers and
similar token-needing daemons outside of a PAG.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>