[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Getting the control port from a translator

From: Neal H Walfield
Subject: Getting the control port from a translator
Date: Fri, 15 Jun 2001 20:04:32 -0500
User-agent: Mutt/1.3.18i

A while ago, specifically, on March 31 in, I noticed
that users are not able to get the control port from an active
translator even if they can control it (that is attach to it with a
debugger, send signals, etc.) This can clearly be seen in
diskfs_S_file_getcontrol (hurd/libdiskfs/file-getcontrol.c):

        if (!idvec_contains (cred->user->uids, 0))
          error = EPERM;
            /* Return a send right to the control port.  */

I proposed that we introduce a new function called fshelp_cancontrol,
which takes a `struct iouser *'.  This function would return 0 if the
user was root or one of the user's ids matched one of process's ids.

Roland replied saying that he wanted a ``more comprehensive solution
that ties up all the code related to this''  and proposed the function
fshelp_isroot as in ``keeping with fshelp_isowner, it might be natural
to call this fshelp_isroot instead of cancontrol.''  This function would
take a stat structure or an idvec and an iouser.  As for the actual
check, it would return true if the iouser could control the stat/user.
Using this, we could compare against the uid of the underlying node or
the calling process's ids -- depending on what we decided was best.  He
also claimed that this would be useful in other situations such as in

        err = fshelp_isroot (&diskfs_underlying_stat, cred->user);
        if (!err)
          err = fshelp_isowner (&np->dn_stat, cred->user);
          if (!err                                        
              && ((uid != (uid_t) -1
                   && !idvec_contains (cred->user->uids, uid))
                  || (gid != (gid_t) -1
                      && !idvec_contains (cred->user->gids, gid))))
            err = EPERM;
        if (!err)
            ... do it ...

I replied stating that I did not like the name of the function and
preferred ``fshelp_iscontroler'' to ``fshelp_isroot.''  I also said that
we should use both forms to determine authorization:  if a process has
the required identification to access the node or if it has the required
identification to dominate the effective (and only the effective) id of
the server it should get a send right to the control port.

Roland said he preferred only the former as it was simpler.

I am looking for comments before I implement a fshelp_iscontroler which
takes both a stat and an iouser and checks against both the
aforementioned criteria.

Attachment: pgpbCakEXeH9e.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]