hurd-devel

exec server protocol


From: Marcus Brinkmann
Subject: exec server protocol
Date: Tue, 20 May 2003 19:41:22 +0200
User-agent: Mutt/1.5.3i

Hi,

I have a small question.  The exec server has the option to create a new
task instead of using the old one, but the PID etc. is reused (proc_reassign).
This option is on by default for secure exec.

What is the rationale behind this?  There are two states that cannot be
replaced otherwise:

* Get a new task port from Mach so that old rights to the task port are no
  longer valid.
* Clear the IPC space (i.e. deallocate all send and receive rights not
  explicitly passed to the new task).

Am I missing anything?  Only the first reason seems critical to me.  Clearing
the IPC space doesn't appear to be necessary to achieve security.

The reason I ask is that I can achieve the first goal in an L4 port without
creating a new task and invalidating the old PID (even for a short time),
because doing so would cause other complications (see my next mail to the L4
list).  The second point in the list would be difficult to achieve
otherwise, though, and I would like to not have to do so for exec.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/
