Re: [RFC] getgroups2 system call

[manu%netbsd.org@localhost (Emmanuel Dreyfus)]

Thor Lancelot Simon <tls%panix.com@localhost> wrote:

> > At this point, I think I will fetch secondary groups through sysctl,
> > this seems to be the point of least resistance.
> 
> You are not worried about security issues resulting from the fact
> that time will pass, and the process may do other operations which
> modify its credentials, before the operation completes?

I explored the option of modifying the FUSE protocol, and that is
though. We can easily negociate an extended FUSE header that contains
secondary groups, and I already submitted a patch that does exactly
that, but then we face two conflicting requirements:

- a fixed lentgh header is highly desirable for performance
optimization. For instance glusterfs fetches the header and the data
using readv(2) with an iovec that has two slots. That way it gets write
date aligned on a page boundary.

- a fixed length header means an array of secondary groups with
NGROUPS_MAX slots, but Linux's NGROUPS_MAX is 65536, which means an
insane waste of space. Therefore we need an array of secondary groups
that is not bigger than the used slots.

As a tradeoff between the two requirements, I proposed that the
filesystem could request a minimum size for secondary group array. That
way, the header would be of fixed length most of the time, except when
there are many groups (something that can only happen on Linux: NetBSD's
NGROUPS_MAX is much more reasonable). Big amount of secondary groups
kill write optimization, but the filesystem can always be configured to
request on initialization a bigger minimal secondary group aray size, if
desired. That last proposal has been considered "a series of hacks to
make it confirm to the requirements", therefore I am left with fetching
secondary groups asynchrnously through sysctl.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost