Re: What's eating gilbert pid? (kevent NOTE_FORK and pids question)
On Fri, Feb 19, 2010 at 3:25 PM, Derrick Brashear <shadow@gmail.com> wrote:
On Fri, Feb 19, 2010 at 3:17 PM, Terry Lambert <tlambert@apple.com> wrote:
On Feb 19, 2010, at 11:59 AM, Derrick Brashear wrote:
That's also not really "better". Alas, what I really want to do is track processes in some way such that marking a process causes that mark to be inherited by children, and allow the kernel to read the mark, and a process can cause itself to get a new mark which will be inherited to *its* future children, and it seems that's simply not possible:
- The MAC subsystem isn't supported (http://developer.apple.com/mac/library/qa/qa2007/qa1574.html)
- Login contexts and audit sessions are one-per-process and owned by system software
- I'm insufficiently special to use a Mach special port (there are 7)
- The kauth external cred resolver interface allows but a single resolver, and I'm not memberd.
What actor needs access to the information?
A kernel extension will decide which credentials to use based on the information. (OpenAFS, in this case)
(1) This is what the keychain mechanism gives you
The goal is to within, say, a login session, give away the session I have and enroll in a new one. This should ideally affect only me, so, how I do this without causing the user to lose access to their keychain? (I assume this would be with setlcid and using that would seem to have this side effect)
There also appears to be no exported method to check a process' login context from the kernel?
(2) Consider adding a directory services plugin, which give you access as part of the authority of memberd
That may be plausible.
I am looking harder at this; I think I need test code. My only option seems to be this: the other idea I had, involving Mach port inheritance, fails because you can unenroll yourself from a group by closing your port without getting a new group, and the goal would be for every process to be in some group once it's in any.
(3) Consider simply putting the initial process in an additional supplementary group
That's fixed, though. Every login session would be an initial process (so if I ssh in more than once, each sshd should be treated as disjoint; If I am also a console user, that's also disjoint)
Also, if it weren't fixed, it wouldn't survive an initgroups. This code actually used to just use 2 supplementary groups, but hook initgroups in the syscall table and put back the groups it added. Yes, I know it's ugly. I didn't write it.
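The thread's subject asks about kevent NOTE_FORK, and the exchange above turns on whether a "mark" on a process can be made to follow its children. The following is an added example, not code from this thread or from OpenAFS: it shows the userland side of that approach, a kqueue EVFILT_PROC watch with NOTE_TRACK on a root pid, plus the bookkeeping a monitor has to keep because the kernel holds no mark of its own. The pids in the replayed trace are constructed, and on non-Darwin systems the NOTE_* values are assumed to be those from Darwin's sys/event.h so the bookkeeping can still be compiled and run.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#ifdef __APPLE__
#include <sys/event.h>      /* kqueue(2), EVFILT_PROC and the NOTE_* flags */
#else
/* Assumed values, copied from Darwin's <sys/event.h>, so the bookkeeping
 * below can be compiled and exercised on systems without kqueue. */
#define NOTE_EXIT     0x80000000U
#define NOTE_FORK     0x40000000U
#define NOTE_EXEC     0x20000000U
#define NOTE_TRACK    0x00000001U
#define NOTE_TRACKERR 0x00000002U
#define NOTE_CHILD    0x00000004U
#endif

#define MAX_TRACKED 64

/* Userland record of one "marked" process tree; the kernel keeps no such mark. */
struct lineage {
    pid_t pids[MAX_TRACKED];
    int   count;
    int   lost;     /* NOTE_TRACKERR events: children the kernel failed to attach to */
};

static int lineage_index(const struct lineage *l, pid_t pid)
{
    for (int i = 0; i < l->count; i++)
        if (l->pids[i] == pid)
            return i;
    return -1;
}

int lineage_contains(const struct lineage *l, pid_t pid)
{
    return lineage_index(l, pid) >= 0;
}

void lineage_add(struct lineage *l, pid_t pid)
{
    if (lineage_index(l, pid) < 0 && l->count < MAX_TRACKED)
        l->pids[l->count++] = pid;
}

static void lineage_remove(struct lineage *l, pid_t pid)
{
    int i = lineage_index(l, pid);
    if (i >= 0)
        l->pids[i] = l->pids[--l->count];
}

/* Apply one EVFILT_PROC event (ident = pid, fflags, data) to the lineage.
 * With NOTE_TRACK the kernel re-registers on each child and delivers a
 * NOTE_CHILD event whose data field is the parent pid; NOTE_TRACKERR
 * means a child was missed, so the mark is incomplete from then on. */
void lineage_apply(struct lineage *l, pid_t ident, uint32_t fflags, intptr_t data)
{
    if ((fflags & NOTE_CHILD) && lineage_contains(l, (pid_t)data))
        lineage_add(l, ident);
    if (fflags & NOTE_TRACKERR)
        l->lost++;
    if (fflags & NOTE_EXIT)
        lineage_remove(l, ident);
}

#ifdef __APPLE__
/* Register a kqueue watch on `root` that follows fork/exec/exit into children.
 * The caller loops on kevent(kq, NULL, 0, &ev, 1, NULL) and feeds each event
 * (ev.ident, ev.fflags, ev.data) to lineage_apply(). */
int watch_lineage(pid_t root)
{
    int kq = kqueue();
    if (kq < 0)
        return -1;
    struct kevent ev;
    EV_SET(&ev, root, EVFILT_PROC, EV_ADD | EV_CLEAR,
           NOTE_FORK | NOTE_EXEC | NOTE_EXIT | NOTE_TRACK, 0, NULL);
    if (kevent(kq, &ev, 1, NULL, 0, NULL) < 0) {
        close(kq);
        return -1;
    }
    return kq;
}
#endif

/* Replay a constructed event trace (pids are made up): root 100 forks 101,
 * 101 forks 102, a fork by 102 fails to attach, then 101 exits.
 * Returns the number of live pids still in the marked tree. */
int demo_trace(struct lineage *l)
{
    memset(l, 0, sizeof *l);
    lineage_add(l, 100);                                 /* the marked root */
    lineage_apply(l, 100, NOTE_FORK, 0);                 /* parent-side fork notice */
    lineage_apply(l, 101, NOTE_CHILD, 100);              /* child 101, parent 100 */
    lineage_apply(l, 101, NOTE_FORK, 0);
    lineage_apply(l, 102, NOTE_CHILD, 101);              /* child 102, parent 101 */
    lineage_apply(l, 102, NOTE_FORK | NOTE_TRACKERR, 0); /* grandchild of 101 lost */
    lineage_apply(l, 101, NOTE_EXIT, 0);
    return l->count;
}
```

After the replayed trace the tree holds pids 100 and 102 with one lost child, which is the weakness the thread is circling: the mark lives only in the watching process, a missed NOTE_TRACK attachment leaves a hole the kernel cannot fill, and nothing here is readable by a kernel extension the way a credential or group is.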