Subject: Re: PAM
To: NetBSD-current Discussion List <>
From: Love <>
List: current-users
Date: 09/25/2002 19:28:02 (Greg A. Woods) writes:

> For "bit-rotting research projects" I suspect you're referring to Robert
> Watson's experimental implementation of a new design in FreeBSD (and
> perhaps Linux too?):

With the exception that this still requires PAM since there is no way to
modify another process's pag.

> Watson does also advocate PAM, it's not a fundamental part of the design
> he promotes.

It is, since there is no set_pag_for_pid() in his api.
> Douglas Engert has also implemented some interesting ideas in this area:

Same thing here.

Modifying all programs (adding setpag()) that needs to create a new pag
sucks big time.
> The basic idea though is trivial.  Keeping the PAG directly in the proc
> structure where it should have been put in the first place instead of
> over-loading the group list, and allowing a child process, or even a
> sufficiently privileged random "unrelated" process, to set the PAG for a
> given process is only a SMOP.  :-)

Groups are stored of the proc structure. In AFS there is a setpag syscall
that is unrestricted. The only problems I see with using the groups as pag
is that you have to hook setgroups. This makes it a evil hack that should