On Sep 21, 2005, at 14:29:54, David Howells wrote:
(3) Key handles (which I've been asked for before).
This involves detaching the permissions and suchlike from the key
into a "handle" which can then be cloned. A temporary handle could
then be used to hold the possession attribute and the other
permissions at the time of the access.
The downside of this is that it's quite a big change. It also makes
joining session keyrings way more "interesting". It does have some
nice features though.
Are there any plans to implement this functionality in the near
future? It would complement the existing security model nicely by
allowing a process to clone its key handle either explicitly (with a
keyctl call) or implicitly (by passing it over a file handle to
another process), and then later revoke the cloned handle and all
handles cloned from it with a single call, much as one can SIGKILL an
entire process group with a single kill(). It seems that a key
handle would be little more than a special sort of file handle
attached to a key. I'm curious what issues you've found with joining
session keyrings. I haven't thought about that part specifically,
but it seems that perhaps there should be a set of "default"
permissions and attributes that are associated with a new lookup-by-
key-id handle.
Cheers,
Kyle Moffett
--
There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult.
-- C.A.R. Hoare
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
