tech-kern archive


Re: [RFC] getgroups2 system call



On Tue, Dec 13, 2011 at 02:19:30PM +0000, Emmanuel Dreyfus wrote:
 > A third way was suggested on the fuse-devel mailing list: adding a
 > system call to retrieve a process' secondary groups. The prototype
 > would be modelled on getgroups(2):
 > 
 >      int getgroups2(int gidsetlen, gid_t *gidset, pid_t pid);
 > 
 > If this is preferred, it could also be named getgroupspid(2)

Ugh.

I don't like it. The credentials for an operation should be passed
along with the operation, not fetched through a side channel. Even if
the operation is completely synchronous, using a side channel like
this is at best bodgy. If it's not completely synchronous, it's doomed
to fail horribly.

This interface would also make it permanently impossible to run fuse
servers with reduced privilege.

I would argue that if what you need is a hack, fuse itself was never
meant to be fast and so sysctl is an adequate method; if you want to
do it right, extend the protocol correctly.

(And in any event, it should be "int getpidgroups(pid_t pid, int
gidsetlen, gid_t *gidset)".)

-- 
David A. Holland
dholland%netbsd.org@localhost
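
Added example, not part of the original message and not NetBSD or FUSE code: a constructed C model of the objection above, comparing a server that looks up groups by pid when it handles a request with one that uses groups carried in the request. Every name here (`struct cred`, `proc_slot`, `issue`, `allow_by_pid`, `allow_in_band`, `run_scenario`) and all pid and gid values are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#define NGRP 4
struct cred { int ngroups; gid_t groups[NGRP]; };   /* supplementary groups */
/* Constructed one-entry process table: what a by-pid lookup sees *now*. */
static struct { pid_t pid; struct cred cred; } proc_slot;

struct request {
    pid_t pid;          /* side-channel design: the server gets only this */
    struct cred cred;   /* in-band design: groups captured at issue time  */
};

static int in_group(const struct cred *c, gid_t g) {
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g) return 1;
    return 0;
}

/* Kernel side: build the request while the caller is the current process. */
static struct request issue(pid_t pid) {
    return (struct request){ .pid = pid, .cred = proc_slot.cred };
}

/* Server side, side channel: ask about the pid when the request is handled. */
static int allow_by_pid(const struct request *r, gid_t need) {
    if (proc_slot.pid != r->pid) return -1;          /* process is gone */
    return in_group(&proc_slot.cred, need);
}

/* Server side, in-band: decide from what travelled with the request. */
static int allow_in_band(const struct request *r, gid_t need) {
    return in_group(&r->cred, need);
}

/* pid 100 issues a request holding groups {10,20}; before the server handles
 * it, the groups behind pid 100 have become {30}. Returns the decision. */
static int run_scenario(int in_band, gid_t need) {
    proc_slot.pid = 100;
    proc_slot.cred = (struct cred){ 2, { 10, 20 } };
    struct request r = issue(100);
    proc_slot.cred = (struct cred){ 1, { 30 } };     /* state moved on */
    return in_band ? allow_in_band(&r, need) : allow_by_pid(&r, need);
}

int main(void) {
    printf("by pid:  gid 20 -> %d, gid 30 -> %d\n", run_scenario(0, 20), run_scenario(0, 30));
    printf("in band: gid 20 -> %d, gid 30 -> %d\n", run_scenario(1, 20), run_scenario(1, 30));
    return 0;
}
```

The by-pid check both denies a group the caller held when it issued the request and grants one it never held; the in-band check reflects the caller's groups at issue time.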

