Re: secure exec
From: Marcus Brinkmann
Subject: Re: secure exec
Date: Fri, 23 May 2003 14:32:29 +0200
User-agent: Mutt/1.5.3i
On Thu, May 22, 2003 at 07:54:29PM +0200, Marcus Brinkmann wrote:
> The filesystem server does this:
>
> error_t
> file_exec (file, task_server, new_task_obj_id, trans, &thread_id)
> {
>   if (task_server != my_trusted_task_server)
>     return EINVAL;
>   err = task_use_transaction_record (task_server, new_task_obj_id, trans,
>                                      &new_task);
>   if (!err)
>     err = task_revoke (new_task);
>   if (!err)
>     err = task_get_state (new_task, &state);
>   if (state != just_created_and_empty)
>     {
>       /* We trust the filesystem to do this here. But if it really wanted
>          to steal the task, it could do it anyway. This is still better
>          than having to wait for the user to accept the task we give to it.
>       */
>       task_destroy (new_task);
>       return EINVAL;
>     }
At this (or an earlier) point, the filesystem also has to insert a task ID
handle to itself into new_task, so that it is guaranteed that new_task will
notice if the filesystem dies prematurely. This can not be left to the
caller (old task). The task server can easily allow this, as the filesystem
has total control over the task.
>   /* The task is all ours now. */
>   thread_id = setup_task (new_task);
>   /* thread_id now is the thread that will wait for the user's startup
>      message. */
>   return thread_id;
> }
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org address@hidden
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/
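
Added example, not part of the original message and not Hurd code: a toy C model of the check order in the quoted file_exec, including the step the reply adds (the filesystem itself inserts a task ID handle to itself into new_task). All types, fields, IDs and the model_* functions are hypothetical; it assumes task_revoke drops every other party's access and that a transaction record can be used only once.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Toy in-memory model. All types, fields and IDs below are assumptions
   made for illustration; they are not the Hurd task server interface. */
enum task_state { JUST_CREATED_AND_EMPTY, POPULATED, DESTROYED };

struct task {
    enum task_state state;
    int other_holders;   /* parties besides the filesystem with control */
    int watched_task_id; /* task whose death this task is told about; 0 = none */
};

struct task_server {
    int id;
    struct task *record; /* pending transaction record, consumed on use */
};

enum { TRUSTED_TASK_SERVER = 1, FS_TASK_ID = 42 }; /* constructed values */

/* Filesystem side of exec, following the order of checks in the message. */
int model_file_exec(struct task_server *ts, struct task **out)
{
    struct task *t;

    if (ts->id != TRUSTED_TASK_SERVER)
        return EINVAL;                 /* never talk to an unknown task server */
    if ((t = ts->record) == NULL)
        return EINVAL;                 /* no (or already used) transaction record */
    ts->record = NULL;
    t->other_holders = 0;              /* revoke: assumed to drop all other access */
    if (t->state != JUST_CREATED_AND_EMPTY) {
        t->state = DESTROYED;          /* caller handed over a prepared task */
        return EINVAL;
    }
    /* Inserted by the filesystem itself, before any setup, so the old task
       cannot omit it. */
    t->watched_task_id = FS_TASK_ID;
    *out = t;
    return 0;
}

/* True if the task is notified when the task with ID dead_id dies. */
bool model_notices_death(const struct task *t, int dead_id)
{
    return t->state != DESTROYED && t->watched_task_id == dead_id;
}
```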