Re: new exec server protocol

[Marcus Brinkmann]

On Wed, May 21, 2003 at 02:37:57PM +0200, Marcus Brinkmann wrote:
> > Note that during this exchange, a kill -9 4711 at any time will work
> > as expected. It sends a message to proc whch does access control, and
> > then proc sends a message to the task server, "terminate all tasks
> > with the accounting id 4711".
> 
> This is what I like best about the idea.  How exactly proc registration will
> work out is a bit of a different issue.  For example, the old task already
> has control over itself and over the new task.  So I wonder if you really
> need to give the new task control over the old task.

I just thought that if in the suid case, the filesystem doesn't get the old
task's proc or task handle, and the old task doesn't get the new task
handle, then that means that the old task must send its handle (or the pid
handle, which are equivalent because they can be mapped by proc) to the new
task.  And of course then the new task must do the pid grabbing you
described.

It's always nice if things settle out this way.  The non-suid case is
ambiguous, there are several options.  In the suid case, with the additional
constraints of (a) not giving the fs anything it doesn't need and (b) having
the fs not to accept any handles to servers it doesn't trust, we get a
situation that only has one option, the one you described.  I like that.

Now, which server do we get rid off next?

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/