linux-integrity.vger.kernel.org archive mirror
* /dev/tpmrm0 session handling
@ 2021-06-28 22:22 Ken Goldman
From: Ken Goldman @ 2021-06-28 22:22 UTC
  To: Linux Integrity

Two questions:

1 - I create a session in one process and context save it.  In another
process, I flushcontext, and it flushes the saved context.

I would not have expected a process to be able to flush another
process' context.  Is this working as designed?

2 - This is a more basic question.

One process creates a session, context saves it, and then exits -
maliciously or due to a bug.  This saved session will be there
until eventually startauthsession fails due to the context
gap issue.

Or an errant process starts and context saves 64 sessions,
which blocks any process from starting a session.

The new process can recover by picking some session and flushing
it (which works due to #1) but that breaks another process.

What I expected - perhaps worth discussing:

Save and load context would be used solely by the resource manager
to swap.  The RM, upon detecting a close() or an exiting process,
would flush all resources associated with that process, including
active sessions.

(The Windows resource manager blocks context save and load.)
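
The design described under "What I expected", as an added example that is not part of the original post or of any kernel code: a toy model of a resource manager that tags each session slot with the client that created it, refuses flushes from other clients, and flushes a client's sessions on close. The `struct rm`, the function names and the integer client ids are hypothetical; only the 64-session limit comes from the post.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_SESSIONS 64  /* session limit cited in the post */
#define FREE (-1)

/* Toy resource-manager table: which client (one id per open() of the
 * device, a made-up identifier) owns each TPM session slot. A saved
 * session still occupies its slot, as the post describes. */
struct rm { int owner[MAX_SESSIONS]; };

void rm_init(struct rm *rm) {
    for (int i = 0; i < MAX_SESSIONS; i++) rm->owner[i] = FREE;
}

/* Start a session for `client`; returns the slot, or -1 when all are taken. */
int rm_start_session(struct rm *rm, int client) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (rm->owner[i] == FREE) { rm->owner[i] = client; return i; }
    return -1;
}

/* Flush request from `client`: refused unless the client owns the slot. */
bool rm_flush(struct rm *rm, int client, int slot) {
    if (slot < 0 || slot >= MAX_SESSIONS || rm->owner[slot] != client)
        return false;
    rm->owner[slot] = FREE;
    return true;
}

/* close() or process exit: flush everything the client owns. */
int rm_close(struct rm *rm, int client) {
    int flushed = 0;
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (rm->owner[i] == client) { rm->owner[i] = FREE; flushed++; }
    return flushed;
}

int main(void) {
    struct rm rm;
    rm_init(&rm);
    for (int i = 0; i < MAX_SESSIONS; i++) rm_start_session(&rm, 1);
    printf("client 2 start while full: %d\n", rm_start_session(&rm, 2));
    printf("client 2 flush of slot 0:  %d\n", rm_flush(&rm, 2, 0));
    printf("flushed on client 1 exit:  %d\n", rm_close(&rm, 1));
    printf("client 2 start afterwards: %d\n", rm_start_session(&rm, 2));
    return 0;
}
```

In this model the second client cannot recover by flushing someone else's session; the slots come back only when the owning client closes or exits, which is the cleanup the post proposes.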

