From owner-freebsd-current@FreeBSD.ORG  Wed Aug 31 19:14:27 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B381616A41F
	for <freebsd-current@freebsd.org>; Wed, 31 Aug 2005 19:14:27 +0000 (GMT)
	(envelope-from bushman@rsu.ru)
Received: from mail.r61.net (mail.r61.net [195.208.245.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BFAC643D45
	for <freebsd-current@freebsd.org>; Wed, 31 Aug 2005 19:14:26 +0000 (GMT)
	(envelope-from bushman@rsu.ru)
Received: from stinger.cc.rsu.ru (stinger.cc.rsu.ru [195.208.252.82])
	by mail.r61.net (8.13.4/8.13.4) with ESMTP id j7VJE6xH012923;
	Wed, 31 Aug 2005 23:14:06 +0400 (MSD) (envelope-from bushman@rsu.ru)
Date: Wed, 31 Aug 2005 23:18:19 +0400 (MSD)
From: Michael Bushkov <bushman@rsu.ru>
X-X-Sender: bushman@stinger.cc.rsu.ru
To: Jilles Tjoelker <jilles@stack.nl>
In-Reply-To: <20050831190059.GA23652@stack.nl>
Message-ID: <20050831231233.T72814@stinger.cc.rsu.ru>
References: <20050827170633.Y5409@stinger.cc.rsu.ru>
	<43123F3B.8070002@FreeBSD.org>
	<20050829115740.N5409@stinger.cc.rsu.ru>
	<20050829163025.GA25664@dan.emsphone.com>
	<20050830172127.E5409@stinger.cc.rsu.ru>
	<20050831190059.GA23652@stack.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Virus-Scanned: ClamAV version 0.86.2,
	clamav-milter version 0.86 on asterix.r61.net
X-Virus-Status: Clean
X-Spam-Status: No, score=-5.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=ham version=3.0.4
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on asterix.r61.net
Cc: freebsd-current@freebsd.org, Dan Nelson <dnelson@allantgroup.com>
Subject: Re: [PATCH] caching daemon release and nsswitch patches
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2005 19:14:27 -0000

> On Tue, Aug 30, 2005 at 05:32:52PM +0400, Michael Bushkov wrote:
>> We can't ensure that, I guess. In the upcoming version (before the 1st of
>> September), the cache would be per-user. This would solve all the security
>> problems. In a little while, I'll implement the ability for cached to act
>> as nscd. So you'll be able to choose the behaviour.
>
> What about setuid/setgid programs then?
>
> setuid root programs can use root's cache, perhaps a similar thing could
> be done for other setuid programs, but what about setgid?
>
> perhaps don't cache at all for set*id programs (issetugid(2))?
Per-user cache uses euid as the user identifier. So every setuid program
will use the cache, which corresponds to its euid.
But how can setgid affect the cache operations? Do you see some potential 
issue?

With best regards,
Michael Bushkov
Rostov State University