Date: Thu, 28 May 2009 08:16:29 -0400
From: John Baldwin <jhb@freebsd.org>
To: freebsd-arch@freebsd.org
Cc: steven.danneman@isilon.com, Zachary Loafman <zml@freebsd.org>
Subject: Re: pthread_setugid_np
Message-ID: <200905280816.29617.jhb@freebsd.org>
In-Reply-To: <20090528000147.GB3704@isilon.com>
References: <20090528000147.GB3704@isilon.com>

On Wednesday 27 May 2009 8:01:48 pm Zachary Loafman wrote:
> arch@ -
>
> Isilon has need of per-thread impersonation. We're looking at
> implementing something like the pthread_setugid_np mechanism found on
> OS X, loosely documented in the code:
>
> http://fxr.watson.org/fxr/source/bsd/kern/kern_prot.c?v=xnu-1228
> (see settid and setgroups1)
>
> and some here:
> http://lists.apple.com/archives/perfoptimization-dev/2008/Jan/msg00043.html
>
> Does anyone have strong objections to Apple's APIs here? There's
> obviously no portable interface to handle it, and it seems a little
> saner to just adopt someone else's API/semantics rather than reinvent.

I suppose you would implement this by having a new flag in td_pflags to
indicate that the thread is using a private credential and use that to
disable the automatic updating of td_ucred on syscall return and then just
point td_ucred at the thread-specific credential?

Hmm, the XXX in Darwin's source about P_SUGID is probably meaningful for us
as we still use that flag. I would defer to Robert on how that should work
though.

-- 
John Baldwin
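
Added example, not part of the message and not FreeBSD source: a user-space C model of the flag idea discussed above, showing that without the flag the automatic refresh puts the thread back on the process credential. Only td_pflags and td_ucred come from the message; TDP_PRIVCRED_MODEL and the model_* helpers are hypothetical names.

```c
#include <stdio.h>
#include <sys/types.h>

/* User-space model, not kernel code. td_pflags and td_ucred are named in the
 * message; TDP_PRIVCRED_MODEL and every model_* helper are hypothetical.
 * Credential reference counting is left out. */
struct ucred { uid_t cr_uid; };
struct proc { struct ucred *p_ucred; };
struct thread {
    struct proc *td_proc;
    struct ucred *td_ucred;    /* credential consulted for access checks */
    int td_pflags;
    struct ucred td_privcred;  /* storage for the per-thread identity */
};
#define TDP_PRIVCRED_MODEL 0x1

/* The automatic update: resync td_ucred with the process unless flagged. */
void model_cred_refresh(struct thread *td) {
    if (td->td_pflags & TDP_PRIVCRED_MODEL)
        return;
    if (td->td_ucred != td->td_proc->p_ucred)
        td->td_ucred = td->td_proc->p_ucred;
}

/* Point td_ucred at the thread-specific credential, optionally flagging it. */
void model_assume(struct thread *td, uid_t uid, int set_flag) {
    td->td_privcred.cr_uid = uid;
    td->td_ucred = &td->td_privcred;
    if (set_flag)
        td->td_pflags |= TDP_PRIVCRED_MODEL;
}

/* Impersonate uid 1001 in a uid-0 process, refresh, report the uid in effect. */
uid_t model_uid_after_refresh(int set_flag) {
    struct ucred pcred = { 0 };
    struct proc p = { &pcred };
    struct thread td = { &p, &pcred, 0, { 0 } };
    model_assume(&td, 1001, set_flag);
    model_cred_refresh(&td);
    return td.td_ucred->cr_uid;
}

int main(void) {
    printf("flag set:   uid %u\n", (unsigned)model_uid_after_refresh(1));
    printf("flag unset: uid %u\n", (unsigned)model_uid_after_refresh(0));
    return 0;
}
```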