porting CCAPI to UNIX
Nicolas Williams
Nicolas.Williams at sun.com
Tue May 8 11:37:25 EDT 2007
On Wed, May 02, 2007 at 06:25:09PM -0400, Ken Hornstein wrote:
> I can only tell you what I did. At login time our credential cache
> code creates a Unix domain socket (using socketpair()), uses dup2()
> to make the descriptor the maximum value possible (you look at the
> maximum number of descriptors available via getrlimit()) and use
> setrlimit to make the maximum descriptor one below that. E.g., say
> the maximum descriptor value is 1023; you use dup2() to make your
> communication descriptor 1023, and use setrlimit() to make the
> maximum descriptor value 1022. This doesn't _prevent_ processes
> from closing the descriptor, but in my experience they all stop
> closing descriptors at the maximum descriptor limit. So all processes
> that are children of login get this descriptor in their environment
> and they use it to communicate with a credential cache server that
> is forked off as part of the login process (it's more complicated
> than that, but that's the key bit of magic). This provides
> per-login-session semantics that seem to be pretty secure (of
> course it is not perfect).
>
> I've been using this in production for ... oh, almost three years
> now, on a wide variety of Unixes (off the top of my head: tons of
> different Linuxes, Solaris, AIX, HP/UX, Irix; it works fine on MacOS
> X but we prefer the CCAPI on that platform), and I am continually
> surprised how well it works. We haven't had any problems with it.
>
> I admit that it's gross ... but if you can tell me of a portable
> solution that has the same semantics, I would love to hear about
> it.

Watch out: closefrom(3C) on Solaris uses fdwalk(3C), which readdirs
/proc/self/fd/ to find open file descriptors. I.e., lowering the fildes
limits does not protect file descriptors > the fildes limit against
closefrom(3C).

http://src.opensolaris.org/source/xref/onnv/aside/usr/src/lib/libc/port/gen/closefrom.c#54

Also, how do you track which fildes is the magic fildes? Do you just
add 1 to the fildes limit?

Nico
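
Added example, not code from either poster or from Solaris libc: it parks a socketpair() descriptor just above a lowered RLIMIT_NOFILE soft limit as the quoted message describes, then shows that a limit-bounded close loop leaves it open while a sweep that enumerates /proc/self/fd (the approach the reply attributes to closefrom(3C)) closes it. The names park_fd, sweep_to_limit, sweep_by_proc and demo are hypothetical, the 1024 cap is a demo assumption, and the code assumes a platform that exposes /proc/self/fd.

```c
#define _GNU_SOURCE /* for dirfd() under strict -std= modes */
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>
/* Move fd to (soft limit - 1), then lower the soft limit by one. */
int park_fd(int fd) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    /* Demo assumption: treat huge or unlimited soft limits as 1024. */
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > 1024) rl.rlim_cur = 1024;
    int parked = (int)rl.rlim_cur - 1;
    if (fd != parked && (dup2(fd, parked) < 0 || close(fd) != 0)) return -1;
    rl.rlim_cur = (rlim_t)parked;
    return setrlimit(RLIMIT_NOFILE, &rl) == 0 ? parked : -1;
}

/* Common sweep: close lowfd .. soft limit - 1. */
void sweep_to_limit(int lowfd) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
        for (int i = lowfd; i < (int)rl.rlim_cur; i++) close(i);
}

/* Sweep that lists /proc/self/fd and closes every entry >= lowfd. */
int sweep_by_proc(int lowfd) {
    int fds[256], n = 0;
    DIR *d = opendir("/proc/self/fd");
    if (!d) return -1;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        int fd = atoi(e->d_name);          /* "." and ".." parse as 0 */
        if (fd >= lowfd && fd != dirfd(d) && n < 256) fds[n++] = fd;
    }
    closedir(d);
    for (int i = 0; i < n; i++) close(fds[i]);
    return n;
}

/* 1 if the parked fd survives the limit sweep but not the /proc walk. */
int demo(void) {
    int sv[2], parked;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || (parked = park_fd(sv[0])) < 0) return -1;
    sweep_to_limit(3);                     /* also closes sv[1]; fine for the demo */
    int survived = fcntl(parked, F_GETFD) != -1;
    if (sweep_by_proc(3) < 0) return -1;
    return survived && fcntl(parked, F_GETFD) == -1;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```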