Re: GSS-APIv3 sketch

Nicolas Williams <> Thu, 12 November 2009 20:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0DDCF3A6B28 for <>; Thu, 12 Nov 2009 12:00:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.972
X-Spam-Status: No, score=-4.972 tagged_above=-999 required=5 tests=[AWL=-1.038, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, SARE_SPEC_REPLICA_OBFU=1.812]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DsIfpPo6cykc for <>; Thu, 12 Nov 2009 12:00:19 -0800 (PST)
Received: from (sca-ea-mail-1.Sun.COM []) by (Postfix) with ESMTP id C87BE28C1D0 for <>; Thu, 12 Nov 2009 12:00:13 -0800 (PST)
Received: from ([]) by (8.13.7+Sun/8.12.9) with ESMTP id nACK0c3s028334 for <>; Thu, 12 Nov 2009 20:00:38 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM []) by (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id nACK0bx7058615 for <>; Thu, 12 Nov 2009 13:00:37 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost []) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id nACJfYQb018447; Thu, 12 Nov 2009 13:41:34 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id nACJfXBi018446; Thu, 12 Nov 2009 13:41:33 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to using -f
Date: Thu, 12 Nov 2009 13:41:33 -0600
From: Nicolas Williams <>
To: Love Hörnquist Åstrand <>
Subject: Re: GSS-APIv3 sketch
Message-ID: <20091112194133.GF1105@Sun.COM>
References: <20091111181140.GC10501@Sun.COM> <> <20091111184244.GN1105@Sun.COM> <20091111184726.GD10501@Sun.COM> <> <E1N8MHF-004jYm-T7@intern.SerNet.DE> <20091111230442.GY1105@Sun.COM> <E1N8Twh-0057MW-SY@intern.SerNet.DE> <20091112170403.GB1105@Sun.COM> <>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
User-Agent: Mutt/1.5.7i
Cc: "" <>, Volker Lendecke <Volker.Lendecke@SerNet.DE>
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 12 Nov 2009 20:00:21 -0000

On Thu, Nov 12, 2009 at 10:52:03AM -0800, Love Hörnquist Åstrand wrote:
> 12 nov 2009 kl. 09:04 skrev Nicolas Williams:
> > I'd love to see that, please :)
> "A process shall be created with a single thread. If a multi-threaded
> process calls fork(), the new process shall contain a replica of the
> calling thread and its entire address space, possibly including the
> states of mutexes and other resources. Consequently, to avoid errors,
> the child process may only execute async-signal-safe operations until
> such time as one of the exec functions is called. [THR] 

>   Fork handlers may be established by means of the
>   pthread_atfork()function in order to maintain application invariants
>   across fork() calls."
> Does libc regiester all mutexes it uses with pthread_atfork() so
> malloc will continue to work ? As long as all libraries doesn't you
> pthread_atfork() you are dead.

If there are libraries in OpenSolaris that use threads but don't clean
up their synchronization state in fork() children via pthread_atfork(),
then that's _BUG_.  I'll grant that some such libraries may not be part
of core Solaris, that they may be FOSS with upstreams that don't care
about such bugs.  But here we're talking about libraries (GSS-API
mechglue and providers) that are part of core Solaris.

> Fork-and-not-do-exec is dead concept in multi threaded apps.

Fork-and-not-exec is a suspect idea no matter what, and if you'll
fork-and-exec then you should use posix_spawn(3C).

But why is any of this a concern here?  Does Samba fork-and-not-exec?
Are you afraid that there are libraries that would?