[security-discuss] Re: [OpenAFS] Hardware Grants from Sun

Nicolas Williams Nicolas.Williams@sun.com
Mon, 26 Feb 2007 00:34:43 -0600


On Sun, Feb 25, 2007 at 06:47:38PM -0800, Henry B. Hotz wrote:
> On Feb 23, 2007, at 10:10 PM, Nicolas Williams wrote:
> >BTW, a PAG facility that's faithful to the AFS notion of PAGs should be
> >relatively easy to specify and implement for Solaris, but it will be
> >more involved than you might have thought.  That's because we have
> >proc(4), proc(1), truss(1) and ucred_get(3C) to worry about, plus
> >libproc.  So we're talking about:
> 
> Does it still need to be that involved if all it is is an index number?

IMO, yes: for observability (truss, proc) and more (ucred_getpag() or
something, so that daemons can use an IPC client's PAG).

This opinion is based on: a) experience watching ARC cases, b) personal
opinion.  But my opinion isn't necessarily the one you want here: an
ARC member's opinion is.

Task IDs are very close to PAGs in semantics, so you can see from tasks
that syscall, procfs and CLI work is needed to be on par with task IDs
for functionality.  (Though task IDs are not visible through ucred;
perhaps it was thought that the project ID is much more useful there,
but for PAGs it's clearly useful to be able to observe them through
ucred.)

Relevant man pages: settaskid(2), ucred_get(3C), newtask(1), and proc(4)
(but not proc(1) -- newtask(1) covers the CLI angle).

Nico
--