[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The auth interface on L4-Hurd
|
From: |
Wolfgang Jährling |
|
Subject: |
Re: The auth interface on L4-Hurd |
|
Date: |
Thu, 1 Aug 2002 22:52:39 +0200 |
|
User-agent: |
Mutt/1.0.1i |
Wolfgang Jährling <address@hidden> wrote:
> b) The auth server could try to verify that the handle he got from the
> server is something that refers to the user, but as handles can, like
> ports, be passed around, this does not work.
I think I was wrong here. But what we _will_ need is an RPC from auth
to the user to make sure the handle we got from the server is ok.
But, do we maybe have a race condition here? When the server has made
the RPC to the user to move his handle to auth, but before he does the
auth_server_authenticate, someone else might make the
auth_server_authenticate for him, guessing the correct handle number. How
can this be prevented?
Cheers,
GNU/Wolfgang
--
Wolfgang Jährling <address@hidden> \\ http://stdio.cjb.net/
Debian GNU/Hurd user && Debian GNU/Linux user \\ http://www.gnu.org/
The Hurd Hacking Guide: http://www.gnu.org/software/hurd/hacking-guide/
["We're way ahead of you here. The Hurd has always been on the ]
[ cutting edge of not being good for anything." -- Roland McGrath ]
Re: The auth interface on L4-Hurd, Marcus Brinkmann, 2002/08/01