porting CCAPI to UNIX
Nicolas.Williams at sun.com
Wed May 9 17:08:08 EDT 2007
On Wed, May 09, 2007 at 05:00:23PM -0400, Ken Raeburn wrote:
> On May 9, 2007, at 15:44, Ken Hornstein wrote:
> >> Unless someone's going to implement cross-session ptrace restrictions
> >> and the like, there's little point in trying to do enforced
> >> isolation.
> > I understand that line of reasoning ... but exactly how far do you
> > want to take that logic?
> Perhaps I misspoke: I don't think it's worthwhile to invest
> significant effort or runtime cost or complexity in making it hard
> for one process to access the credentials of another process under
> the same uid, if ptrace and /proc are still going to get around the
> restrictions easily.
> If someone is going to invest serious effort in isolation of sessions
> from one another, then yes, ccache access should be done too.
I think the ability to have per-session ccaches follows from being able
to have cross-session process isolation (the reverse, OTOH, is not
true), provided that there is some identifier for the session.