From: John Baldwin
To: freebsd-arch@freebsd.org
Cc: Zachary Loafman, steven.danneman@isilon.com, Sujit K M
Date: Thu, 28 May 2009 08:12:52 -0400
Subject: Re: pthread_setugid_np

On Thursday 28 May 2009 12:48:17 am Sujit K M wrote:
> As per the Apple Documentation:
>
> In some cases it is helpful to impersonate the user, at least as far
> as the permissions checking done by the BSD subsystem of the kernel. A
> single-threaded daemon can do this using seteuid and setegid. These
> set the effective user and group ID of the process as a whole. This
> will cause problems if your daemon is using multiple threads to handle
> requests from different users. In that case you can set the effective
> user and group ID of a thread using pthread_setugid_np. This was
> introduced in Mac OS X 10.4.
>
> (AT) http://developer.apple.com/technotes/tn2005/tn2083.html
>
>
> I think this is a part of the BSD (Mach) subsystem.

It has never been in BSD outside of OS X. BSD from UC Berkeley did not
support kernel threads and you are free to check the CVS history of the
various kern_prot.c files on other BSD's yourself. There is no BSD code
to do this, and you could not use Darwin's code directly on FreeBSD
anyway since the two OS's manage credential state differently.

--
John Baldwin