[OpenAFS] Removing the ability to change the PAG of the parent

Derrick Brashear shadow@gmail.com
Wed, 17 Feb 2010 08:07:39 -0500

On Tue, Feb 16, 2010 at 7:46 PM, Simon Wilkinson <sxw@inf.ed.ac.uk> wrote:
> We're currently (on opeanfs-devel) discussing a new mechanism for storing
> tokens in the kernel - this new mechanism is required to support new
> security layers such as rxgk and rxk5. There have been a significant number
> of posters advocating removing the 'change the PAG of my parent' feature,
> which is used by aklog -setpag, amongst others. A process would still be
> able to change its own PAG.
> There are numerous technical reasons for wanting to make this change. This
> functionality is very difficult to implement in a cross-platform manner,
> without exposing ourselves to all sorts of kernel races. On some platforms
> (such as Linux) it works on some kernel versions, but not on others. Things
> would be made considerably easier if this feature went away.
> Based on current developer feedback, I'm planning on removing the setpag
> functionality from the new interface. However, before making the final
> decision, I'm very interested in hearing the views of deployers and end
> users? How many of you rely on aklog -setpag? How difficult would things be
> for you if it went away in some future major release [*]?
> Thanks,
> Simon
> [*] Whilst I can't commented for the gatekeepers, I'd imagine that this kind
> of thing would only change with a major release hike, and certainly not
> before 1.8 given the current release plans.

There's no guarantee the feature will last that long, for precisely
the reasons you cite;
Indeed, we could at any time find a bug which makes it dangerous to
leave enabled.
However, as of this time there is no immediate plan to remove it and
certainly because it would
be a feature change we will leave it in 1.4 unless there's a security
reason not to.

At this point, whether it survives to 1.6 is still fair game.