tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [RFC] getgroups2 system call

On Tue, Dec 13, 2011 at 02:19:30PM +0000, Emmanuel Dreyfus wrote:
 > A third way was suggested on the fuse-devel mailing list: adding a
 > system call to retreive a process' secondary groups. The prototype
 > would be moddled on getgroups(2):
 >      int getgroups2(int gidsetlen, gid_t *gidset, pid_t pid);
 > Il this is preferred, it could also be named getgroupspid(2)


I don't like it. The credentials for an operation should be passed
along with the operation, not fetched through a side channel. Even if
the operation is completely synchronous, using a side channel like
this is at best bodgy. If it's not completely synchronous, it's doomed
to fail horribly.

This interface would also make it permanently impossible to run fuse
servers with reduced privilege.

I would argue that if what you need is a hack, fuse itself was never
meant to be fast and so sysctl is an adequate method; if you want to
do it right, extend the protocol correctly.

(And in any event, it should be "int getpidgroups(pid_t pid, int
gidsetlen, gid_t *gidset)".)

David A. Holland

Home | Main Index | Thread Index | Old Index