Coda File System

Re: process authentication groups (resent)

From: Peter J. Braam <braam_at_cs.cmu.edu>
Date: Wed, 13 May 1998 15:31:59 -0400 (EDT)
On Tue, 12 May 1998, Pavel Machek wrote:

> Hi!
> 
> > Many Unices have a "setpag" (I called it "newpag") system call through
> > which a process puts itself into a new process authentication group - a
> > new field in process structure. Mostly setpag is called by "login-type"
> > programs, and inherited by fork. This serves authentication which is
> > not necessarily uid based. 
> > 
> > Filesystems like AFS and Coda like this system for authentication and
> > SMBFS etc could equally use it to their advantage. 
> > 
> > Will you consider this mini patch which gives us "newpag" and "getpag"
> > system calls, implemented by the students cc'd above?  It puts an extra
> > unsigned long in the process structure and defines two mini syscalls and
> > an entry in the /proc/status output.
> 
> How do standart ps-tools, top and similar behave when they see this
> new field? 


I haven't had any problems -- of course it would be nice if they would
print the pag too. 


> 
> Also: we already have secondary groups. Can not they be
> used for just this purpose? Newpag would just add on-the-fly generated
> id into list of secondary groups...
> 

There are some Unix programs that manage to manipulate these secondary
groups; that could be dangerous.  I don't know which and how they do it --
I have forgotten. 


> Also: Suppose I'm root and I have pag 123. I want to exec
> potentially-dangerous program. How do I do it?
> 
> 	I used to do
> 		su nobody
> 		./program


Depends how "su" works.  If it calls PAM modules, these could arrange for
the "setpag"; you are completely right that it needs to be done. 

> 
> I do not see syscall to loose pag in there. I think it is needed. What
> do you think?
> 
> Ok, suppose root wants to sneak into someone else's PAG. How does he
> do it?

Attach gdb to the kernel and write that pag into its own process structure
-- or load a module in the kernel to do that.  Root can do anything.


> 								Pavel
> -- 
> I'm really pavel_at_atrey.karlin.mff.cuni.cz. 	   Pavel
> Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
> 
Received on 1998-05-13 15:34:15