[322] in Info-AFS_Redistribution


Re: the dangers of not using unlog

daemon@ATHENA.MIT.EDU (Richard Basch)
Fri Sep 20 13:09:52 1991

Date: Fri, 20 Sep 91 12:03:11 -0400
To: Wallace Colyer <wally+@andrew.cmu.edu>
Cc: Cal_Thixton@next.com, info-afs@transarc.com
In-Reply-To: Wallace Colyer's message of Thu, 19 Sep 1991 23:59:37 -0400 (EDT),
From: "Richard Basch" <basch@MIT.EDU>


   Date: Thu, 19 Sep 1991 23:59:37 -0400 (EDT)
   From: Wallace Colyer <wally+@andrew.cmu.edu>
   References: <9109200316.AA03346@tinman.NeXT.COM>
	. . .
   Unfortunately, though AFS provides the ability to get a token from the
   kernel and set it in another process, it does not allow for a process
   even as root to set its pag to a specific pag, so you cannot give a
   process the credentials of another process in such a way that they will
   be maintained over time when something is reauthenticated.  This is
   because if you want an already running process to have the credentials of
   a process that is started from somewhere else and change as they change
   over time you cannot.

Actually, there is a formula for translating the first two groups into a
PAG.  Also, if the first two groups do not translate into a valid PAG,
your PAG is considered to be your uid.

A non-uid PAG is of the form:

	0x41yyyyyy

(The kernel code makes sure the high-order 8 bits are an 'A').

The exact formulas and tests can be seen in afs/afs_vnodeops.c for those
who have source.

Root can easily set its grouplist to be anything via the setgroups()
call, and if the first two groups form a valid PAG, they will not be
over-written with the current PAG of the process.

This is all evident from the source in afs/afs_vnodeops.c, and has been
proven by some programs here that we have written to examine active
PAGs.

-R
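
The group-to-PAG translation described in the message above, as an added example that is not part of the original message or of the Transarc source. The arithmetic follows the mapping in the later OpenAFS source (afs_get_pag_from_groups and afs_get_groups_from_pag) and is assumed to match the afs/afs_vnodeops.c code the message refers to; NO_PAG, effective_pag and the sample values are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

#define NO_PAG 0xffffffffu   /* sentinel chosen for this example */

/* Decode the first two group IDs into a PAG; NO_PAG if they do not form one. */
uint32_t pag_from_groups(uint32_t g0, uint32_t g1)
{
    g0 -= 0x3f00;            /* unsigned wrap makes small gids fail the range test */
    g1 -= 0x3f00;
    if (g0 < 0xc000 && g1 < 0xc000) {
        uint32_t low  = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff); /* low 28 bits */
        uint32_t high = (g1 >> 14) + 3 * (g0 >> 14);            /* top 4 bits */
        uint32_t pag  = (high << 28) | low;
        if (((pag >> 24) & 0xff) == 'A')  /* the 0x41yyyyyy test from the message */
            return pag;
    }
    return NO_PAG;
}

/* Inverse mapping: the two group IDs that carry a given PAG. */
void groups_from_pag(uint32_t pag, uint32_t *g0, uint32_t *g1)
{
    pag &= 0x7fffffff;
    *g0 = (0x3fff & (pag >> 14)) | (((pag >> 28) / 3) << 14);
    *g1 = (0x3fff & pag)         | (((pag >> 28) % 3) << 14);
    *g0 += 0x3f00;
    *g1 += 0x3f00;
}

/* Effective PAG as the message describes it: the decoded PAG, else the uid. */
uint32_t effective_pag(uint32_t g0, uint32_t g1, uint32_t uid)
{
    uint32_t pag = pag_from_groups(g0, g1);
    return pag == NO_PAG ? uid : pag;
}

int main(void)
{
    /* Constructed sample {uid, group0, group1} tuples, not real data. */
    uint32_t s[][3] = { {1001, 0x8300, 0x7f01}, {1002, 100, 200}, {0, 0x3f00, 0x3f00} };
    for (int i = 0; i < 3; i++)
        printf("uid %u groups %u,%u -> PAG 0x%08x\n", s[i][0], s[i][1], s[i][2],
               effective_pag(s[i][1], s[i][2], s[i][0]));
    return 0;
}
```

An audit of running processes can feed each process's first two groups through pag_from_groups to find which processes share a PAG, and therefore tokens, and to spot a group list that carries a PAG the process was not expected to hold.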
