From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <110ac39c99871b98c5739a23de17b6e2@swtch.com> To: 9fans@cse.psu.edu Subject: Re: [9fans] https/factotum question From: "Russ Cox" Date: Tue, 21 Feb 2006 18:00:34 -0500 In-Reply-To: <2245.1140562458@piper.nectar.cs.cmu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Topicbox-Message-UUID: 044af3e8-ead1-11e9-9d60-3106f5b1d025 > But it looks to me as if the closest I can come at > present is for the factotum behind /srv/factotum to > contain the RSA key tagged with "owner=none", which I > think means that anybody who is "none", not just the > one web server process and its descendants, can sign > things. true. > I notice in httpd.c that some things are opened before > becomenone()... would it make sense to somehow latch > onto a "private" factotum at this point and then use > it after becomenone()? nope, can't do that. becomenone() is only useful if you then reconstruct your name space from scratch, and that means remounting factotum. your only option is to open the fd for mounting the secret factotum, then call becomenone(), then mount the fd, which is still open but otherwise inaccessible to you. the web server isn't signing pages, just that the connection is to the right machine. we figure if you can talk to that factotum, you're on the machine, so close enough. so we just run httpd as none and let any process use the ssl certificate. russ