From owner-freebsd-hackers@FreeBSD.ORG  Tue Aug 30 13:29:12 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8450C16A41F;
	Tue, 30 Aug 2005 13:29:12 +0000 (GMT) (envelope-from bushman@rsu.ru)
Received: from mail.r61.net (mail.r61.net [195.208.245.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 251A143D46;
	Tue, 30 Aug 2005 13:29:10 +0000 (GMT) (envelope-from bushman@rsu.ru)
Received: from stinger.cc.rsu.ru (stinger.cc.rsu.ru [195.208.252.82])
	by mail.r61.net (8.13.4/8.13.4) with ESMTP id j7UDSmZW051676;
	Tue, 30 Aug 2005 17:28:48 +0400 (MSD) (envelope-from bushman@rsu.ru)
Date: Tue, 30 Aug 2005 17:32:52 +0400 (MSD)
From: Michael Bushkov <bushman@rsu.ru>
X-X-Sender: bushman@stinger.cc.rsu.ru
To: Dan Nelson <dnelson@allantgroup.com>
In-Reply-To: <20050829163025.GA25664@dan.emsphone.com>
Message-ID: <20050830172127.E5409@stinger.cc.rsu.ru>
References: <20050827170633.Y5409@stinger.cc.rsu.ru>
	<43123F3B.8070002@FreeBSD.org>
	<20050829115740.N5409@stinger.cc.rsu.ru>
	<20050829163025.GA25664@dan.emsphone.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Virus-Scanned: ClamAV version 0.86.2,
	clamav-milter version 0.86 on asterix.r61.net
X-Virus-Status: Clean
X-Spam-Status: No, score=-5.7 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=ham version=3.0.4
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on asterix.r61.net
Cc: Jacques Vidrine <nectar@freebsd.org>, freebsd-hackers@freebsd.org,
	Doug Barton <dougb@freebsd.org>,
	Brooks Davis <brooks@freebsd.org>, freebsd-current@freebsd.org
Subject: Re: [PATCH] caching daemon release and nsswitch patches
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2005 13:29:12 -0000

On Mon, 29 Aug 2005, Dan Nelson wrote:

We can't ensure that, I guess. In the upcoming version (before the 1st of 
September), the cache would be per-user. This would solve all the security 
problems. In a little while, I'll implement the ability for cached to act 
as nscd. So you'll be able to choose the behaviour.

> In the last episode (Aug 29), Michael Bushkov said:
>> There is some information in my project's description here:
>> http://wikitest.freebsd.org/moin.cgi/NsswitchAndCachingTechnicalDetails
>
> One question that comes to mind:
>
> It looks like the end-user application is still responsible for
> performing nss lookups.  How do you ensure that one user can't poison
> the cache and cause problems for other users?  Could cached do all nss
> operations itself (making it more like nscd in other OSes)?
>
> --
> 	Dan Nelson
> 	dnelson@allantgroup.com
>

With best regards,
Michael Bushkov
Rostov State University