RE: [Dazuko-devel] 2.1.0-pre3 posted
From: Tikka, Sami
Subject: RE: [Dazuko-devel] 2.1.0-pre3 posted
Date: Thu, 7 Apr 2005 18:43:51 +0300

>-----Original Message-----
>From: John Ogness [mailto:address@hidden
>Sent: Thursday, April 07, 2005 4:43 PM
>To: Tikka, Sami
>Cc: address@hidden
>Subject: Re: [Dazuko-devel] 2.1.0-pre3 posted
>
>> int dazukoRegisterTrusted(const char *groupName, const char *token,
>> int trust_children);
>
>What is meant by child processes - threads, forks, both?
>
>If a thread registers with trust_children=1, does Dazuko trust
>the parent also?

Yes, that was my meaning. dazukoRegisterTrusted would make the caller and
optionally its children trusted. Perhaps the parameter name should be changed
to "also_children" or something.

As for the question about threads and/or forks, I was under the impression
that on Linux they are the same thing as far as the kernel is concerned. What
I mean is: is it even possible to tell threads and processes apart in a
Linux kernel module?

I no longer remember how they work on FreeBSD and Solaris. (It has been 6
years since I last coded something in the FreeBSD kernel and 4 years since my
Solaris kernel days.)

I would be happy if also_children applied to forked processes. If it applies
to threads too, it would be a bonus. (I think if you trust one thread in the
process, you really have to trust everything running in the same address
space.)

>When a trusted process does a fork-exec, do I trust this new
>process as well?
Good question. I think you can make an argument for both cases. I only fork,
so exec is not important for me. Perhaps we can have an opinion from others
who want to use TAF?
>I like the idea of providing an option to trust "related processes", but I
>am concerned about the overhead. It would mean that when an access event
>occurs, Dazuko must search through all trusted processes and check if
>somehow this process is "related" to one of them. This might be expensive.
>Expensive is ok if it is justified. It is much cheaper if Dazuko knows ahead
>of time who can be trusted and who not.
In Linux every task has a pointer to its parent task and I don't think the
depth of the tree is usually very deep. And anyway, you would be walking the
tree up towards the root. Something like the following pseudo-code:
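    int is_trusted_process(process *p, int child_process)
    {
        /* Stop at the top of the tree; on Linux the root task is its own parent. */
        if (p == NULL)
            return 0;
        /* child_process is 1 once we are checking an ancestor of the caller. */
        if (is_member(list_of_trusted, p, child_process))
            return 1;
        if (p->parent == p)
            return 0;
        return is_trusted_process(p->parent, 1);
    }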
And, like you said, the complexity is in the is_member() that would have to
search a list of trusted processes. Preferably the list would be indexed with
the kernel process struct pointer. However, I would guess that usually the
amount of processes that have called dazukoRegisterTrusted() is small, small
enough to be kept in a linked list. (Dazuko used to keep a linked list of
open files :)
--
Sami Tikka tel. +358 9 2520 5115
senior software engineer fax. +358 9 2520 5014
mobile +358 40 7379388
F-Secure Corporation http://www.f-secure.com
BE SURE
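
The ancestor walk sketched in the message above, as an added user-space C example (not code from the post or from Dazuko). `struct task`, `struct trusted_entry` and the sample processes are constructed stand-ins, and trust across exec, which the thread leaves open, is not modelled.

```c
#include <stdio.h>

/* Constructed user-space stand-ins; not Dazuko or kernel structures. */
struct task { int pid; struct task *parent; };  /* root points to itself */

struct trusted_entry {
    const struct task *task;   /* process that registered as trusted */
    int also_children;         /* nonzero: descendants are trusted too */
    struct trusted_entry *next;
};

/* Linear search of the registration list, as proposed in the message.
 * An ancestor only counts if it registered with also_children set. */
static int is_member(const struct trusted_entry *list,
                     const struct task *p, int as_ancestor)
{
    for (; list != NULL; list = list->next)
        if (list->task == p && (!as_ancestor || list->also_children))
            return 1;
    return 0;
}

/* Iterative walk towards the root: no recursion on a small kernel stack,
 * and the loop stops at the root instead of following its self-link. */
int is_trusted_process(const struct trusted_entry *list, const struct task *p)
{
    int as_ancestor = 0;

    while (p != NULL) {
        if (is_member(list, p, as_ancestor))
            return 1;
        if (p->parent == p)   /* root reached without a match */
            break;
        p = p->parent;
        as_ancestor = 1;
    }
    return 0;
}

int main(void)
{
    struct task init = {1, NULL}, scanner = {100, &init}, child = {101, &scanner};
    struct task helper = {200, &init}, helper_child = {201, &helper};
    struct trusted_entry e2 = {&helper, 0, NULL}, e1 = {&scanner, 1, &e2};

    init.parent = &init;
    printf("child of scanner: %d\n", is_trusted_process(&e1, &child));
    printf("child of helper:  %d\n", is_trusted_process(&e1, &helper_child));
    return 0;
}
```

The cost per access event is the depth of the process tree times the length of the registration list, which is the trade-off the two messages discuss.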