Posted Sep 28, 2007 22:53 UTC (Fri) by filker0
Parent article: Credential records
How does this work with fork()? Does the new process end up with a pointer to the cred structure of its parent (reference count incremented, of course) until the new process makes a change?
I am somewhat bothered by the mirroring of task_struct information. It seems that a lot of extra overhead and churn by this, since each such change would allocate a new cred structure, copy data into it, then potentially discard the old one. Fragmentation is a danger of such an approach. I don't know enough to know how often this happens, though. I have this gut feeling that I'm missing something.
On VMS, any task could turn off any privs that it didn't need. I'm a bit fuzzy on whether this persisted to the end of the task or whether a task could regain the surrendered privilege (I know that, with the "SETPRIV" privilege connected to the user credentials, a task could, but without, I'm can't recall). I can see this adding better security, so the extra overhead might be worth it.
The number of added calls (one on most system calls, if I read the text correctly), even if update_current_cred() is very efficient, also worries me; I'm an embedded programmer, and I know just how much overhead a call can add if its on a critical path.
to post comments)