[OpenAFS-devel] setgroups() fails to change pag under linux 2.6
David Thompson
thomas@cs.wisc.edu
Fri, 21 Jul 2006 14:53:31 -0500
Jeffrey Hutzelman wrote:
>>
>> Yes, the authentication wrapper is suid root.
>
>So arrange for your wrapper to set a new PAG before changing its UID, and
>the one-PAG-per-second limit won't apply. Then just make sure you reboot
>your servers often enough to avoid rollover (at least once every 2^24 PAGs).

This is still unacceptable, because as soon as root has exceeded the
one-pag-per-second based on the uptime of the host, mere mortal users will
_never_ receive a pag until root stops requesting them. That doesn't work for
us.

Providing root a bypass on the one-pag-per-second seems fundamentally broken
to me, if it means that non-uid=0 processes can get starved.

I'm also concerned about your last statement, and how I validate
pag-non-rollover in a verifiable manner. My guess is that most admins simply
ignore it and hand-wave "Oh, that will never happen." We need stronger
guarantees. Actually checking the current pag count from time to time
requires very detailed knowledge of how the pag is represented in the groups,
and is something that the solution we're using doesn't require.
Dave