[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Task destruction
|
From: |
Marcus Brinkmann |
|
Subject: |
Re: Task destruction |
|
Date: |
Tue, 6 Aug 2002 15:42:16 +0200 |
|
User-agent: |
Mutt/1.4i |
On Tue, Aug 06, 2002 at 03:27:47PM +0200, Niels Möller wrote:
> Marcus Brinkmann <address@hidden> writes:
>
> > I think all we need is tracking of the anonymous handle in task inheritance,
> > and make changing the handle a privileged operation.
>
> Agree, except that I suspect that we'd need a *list* of handles to
> support multiple proc servers in a natural way.
I (almost) don't think so. Every process will only register itself with one
proc server. That proc server can install a new handle in the task
inheritance tree if useful for it and if it is a privileged task.
For the unprivileged Hurd systems, that means it can not install new
handles, and all tasks in that system will get the same handle as the boot
process' task got. So root can easily track those systems.
For privileged Hurd systems, you lose that feature. it is not easy for root
to observe which tasks belong to which Hurd system by just observing the
handles. But that is not necessary as those systems are already owned by
root, so there are other ways to observe the relationship (asking the
individual proc servers).
If that latter case doesn't appeal to you, the solution will be to use proxy
task servers for those other Hurd systems.
> I see no need for the notion of "privileged" process so far.
I don't necessarily mean privileged to the task server, but the normal sense
of privilege we use in the Unix world. Eg, whatever the mechanism is, the
effect is that a normal user can not install arbitrary handles.
> One question for the task server is whether or not operations such as
> listing all tasks, requesting task creation notifications, or
> examining the handle(s) associated with a task, needs to be a
> privileged (or restricted in some other way). The answer is not quite
> clear to me.
I agree on the not quite clear part :) We won't know until we know what
"listing all tasks" means. For example in Mach, it means to get all task
ports, which means you can control all tasks. Naturally this is a
privileged operation.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org address@hidden
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/
- Re: Task destruction, (continued)
- Re: Task destruction, Marcus Brinkmann, 2002/08/05
- Re: Task destruction, Roland McGrath, 2002/08/05
- Re: Task destruction, Marcus Brinkmann, 2002/08/05
- Re: Task destruction, Roland McGrath, 2002/08/05
- Re: Task destruction, Marcus Brinkmann, 2002/08/05
- Re: Task destruction, Roland McGrath, 2002/08/05
- Re: Task destruction, Marcus Brinkmann, 2002/08/05
- Re: Task destruction, Niels Möller, 2002/08/06
- Re: Task destruction, Marcus Brinkmann, 2002/08/06
- Re: Task destruction, Niels Möller, 2002/08/06
- Re: Task destruction,
Marcus Brinkmann <=
- Re: Task destruction, Niels Möller, 2002/08/06
- Re: Task destruction, Marcus Brinkmann, 2002/08/06
- Re: Task destruction, Marcus Brinkmann, 2002/08/06
- Re: Task destruction, Niels Möller, 2002/08/06
- Re: Task destruction, Marcus Brinkmann, 2002/08/06
- Re: Task destruction, Marcus Brinkmann, 2002/08/06
- Re: Task destruction, Marcus Brinkmann, 2002/08/06
- Re: Task destruction, Niels Möller, 2002/08/07
- Re: Task destruction, Marcus Brinkmann, 2002/08/07
- Re: Task destruction, Niels Möller, 2002/08/07