[322] in Info-AFS_Redistribution
Re: the dangers of not using unlog
daemon@ATHENA.MIT.EDU (Richard Basch)
Fri Sep 20 13:09:52 1991
Date: Fri, 20 Sep 91 12:03:11 -0400
To: Wallace Colyer <wally+@andrew.cmu.edu>
Cc: Cal_Thixton@next.com, info-afs@transarc.com
In-Reply-To: Wallace Colyer's message of Thu, 19 Sep 1991 23:59:37 -0400 (EDT),
From: "Richard Basch" <basch@MIT.EDU>
Date: Thu, 19 Sep 1991 23:59:37 -0400 (EDT)
From: Wallace Colyer <wally+@andrew.cmu.edu>
References: <9109200316.AA03346@tinman.NeXT.COM>
. . .
Unfortunately, though AFS provides the ability to get a tokens from the
kernel and set it in another process, it does not allow for a process
even as root to set it's pag to a specific pag, so you cannot give a
process the credentials of another process in such a way that they will
be maintained over time when something is reauthentcated. This is
because if you want a already running process to have the credentials of
a process that is strarted from somewhere else and change as they change
over time you cannot.
Actually, there is a formula for translating the first two groups into a
PAG. Also, if the first two groups do not translate into a valid PAG,
your PAG is considered to be your uid.
A non-uid PAG is of the form:
0x41yyyyyy
(The kernel code makes sure the high-order 8 bits is an 'A').
The exact formulas and tests can be seen in afs/afs_vnodeops.c for those
who have source.
Root can easily set its grouplist to be anything via the setgroups()
call, and if the first two groups form a valid PAG, they will not be
over-written with the current PAG of the process.
This is all evident from the source in afs/afs_vnodeops.c, and has been
proven by some programs here that we have written to examine active
PAGs.
-R