On Thu, 23 Jan 2003, Jason R Thorpe wrote:
> As Paul and others have pointed out, BSD Auth does have some nice
> properties.  But it does have one really major drawback, that being
> the inability to modify the calling process's state (with the
> exception of environment variables, as Paul pointed out it can do),

Is it possible to enumerate the kinds of changes to the calling
process's state that should be possible?

If so, one could have a protocol for plug in modules that execute in a
different process (a la BSD Auth) to communicate the necessary changes
to a shim that lives inside the calling process (probably in a shared
library).  The protocol and the shared library shim would have to change
when new kinds of process state are added, but I hope that that would be
rare.

> with the canonical example being authentication methods (usually
> Kerberos-based ones, e.g. AFS) which have to push a token into the
> kernel (AFS, DFS, and Kerberized-NFS need this in order to be able to
> access your files).

Whatever syscall pushes tokens into the kernel could be modified to take
an extra arg saying "do it on behalf of this other process".  But this
would have interesting security implications.

--apb (Alan Barrett)