Date:      Thu, 28 May 2009 08:16:29 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-arch@freebsd.org
Cc:        steven.danneman@isilon.com, Zachary Loafman <zml@freebsd.org>
Subject:   Re: pthread_setugid_np
Message-ID:  <200905280816.29617.jhb@freebsd.org>
In-Reply-To: <20090528000147.GB3704@isilon.com>
References:  <20090528000147.GB3704@isilon.com>

On Wednesday 27 May 2009 8:01:48 pm Zachary Loafman wrote:
> arch@ -
> 
> Isilon has need of per-thread impersonation. We're looking at
> implementing something like the pthread_setugid_np mechanism found on
> OS X, loosely documented in the code:
> 
> http://fxr.watson.org/fxr/source/bsd/kern/kern_prot.c?v=xnu-1228
> (see settid and setgroups1)
> 
> and some here:
> http://lists.apple.com/archives/perfoptimization-dev/2008/Jan/msg00043.html
> 
> Does anyone have strong objections to Apple's APIs here? There's
> obviously no portable interface to handle it, and it seems a little
> saner to just adopt someone else's API/semantics rather than reinvent.

I suppose you would implement this by having a new flag in td_pflags to 
indicate that the thread is using a private credential and use that to 
disable the automatic updating of td_ucred on syscall return and then just 
point td_ucred at the thread-specific credential?

Hmm, the XXX in Darwin's source about P_SUGID is probably meaningful for us as 
we still use that flag.  I would defer to Robert on how that should work 
though.

-- 
John Baldwin


