[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The auth interface on L4-Hurd

From: Wolfgang Jährling
Subject: Re: The auth interface on L4-Hurd
Date: Thu, 1 Aug 2002 22:52:39 +0200
User-agent: Mutt/1.0.1i

Wolfgang Jährling <address@hidden> wrote:
> b) The auth server could try to verify that the handle he got from the
>    server is something that refers to the user, but as handles can, like
>    ports, be passed around, this does not work.

I think I was wrong here.  But what we _will_ need is an RPC from auth
to the user to make sure the handle we got from the server is ok.

But, do we maybe have a race condition here?  When the server has made
the RPC to the user to move his handle to auth, but before he does the
auth_server_authenticate, someone else might make the
auth_server_authenticate for him, guessing the correct handle number.  How
can this be prevented?


Wolfgang Jährling  <address@hidden>  \\  http://stdio.cjb.net/
Debian GNU/Hurd user && Debian GNU/Linux user \\  http://www.gnu.org/
The Hurd Hacking Guide: http://www.gnu.org/software/hurd/hacking-guide/
["We're way ahead of you here. The Hurd has always been on the    ]
[ cutting edge of not being good for anything." -- Roland McGrath ]

reply via email to

[Prev in Thread] Current Thread [Next in Thread]