pthread_setugid_np
John Baldwin
jhb at freebsd.org
Thu May 28 13:53:10 UTC 2009
On Wednesday 27 May 2009 8:01:48 pm Zachary Loafman wrote:
> arch@ -
>
> Isilon has need of per-thread impersonation. We're looking at
> implementing something like the pthread_setugid_np mechanism found on
> OS X, loosely documented in the code:
>
> http://fxr.watson.org/fxr/source/bsd/kern/kern_prot.c?v=xnu-1228
> (see settid and setgroups1)
>
> and some here:
> http://lists.apple.com/archives/perfoptimization-dev/2008/Jan/msg00043.html
>
> Does anyone have strong objections to Apple's APIs here? There's
> obviously no portable itnerface to handle it, and it seems a little
> saner to just adopt someone else's API/semantics rather than reinvent.
I suppose you would implement this by having a new flag in td_pflags to
indicate that the thread is using a private credential and use that to
disable the automatic updating of td_ucred on syscall return and then just
point td_ucred at the thread-specific credential?
Hmm, the XXX in Darwin's source about P_SUGID is probably meaningful for us as
we still use that flag. I would defer to Robert on how that should work
though.
--
John Baldwin
More information about the freebsd-arch
mailing list