woods@weird.com (Greg A. Woods) writes:

> For "bit-rotting research projects" I suspect you're referring to Robert
> Watson's experimental implementation of a new design in FreeBSD (and
> perhaps Linux too?):
> 
> 	http://www.watson.org/fbsd-hardening/tokens/fbsd-tokens-0.2/docs/proposal.txt

With the exception that this still requires PAM since there is no way to
modify another process's pag.

> Watson does also advocate PAM, it's not a fundamental part of the design
> he promotes.

It is, since there is no set_pag_for_pid() in his api.
 
> Douglas Engert has also implemented some interesting ideas in this area:
> 
> 	http://www.ornl.gov/~jar/dfs-afs.html

Same thing here.

Modifying all programs (adding setpag()) that needs to create a new pag
sucks big time.
 
> The basic idea though is trivial.  Keeping the PAG directly in the proc
> structure where it should have been put in the first place instead of
> over-loading the group list, and allowing a child process, or even a
> sufficiently privileged random "unrelated" process, to set the PAG for a
> given process is only a SMOP.  :-)

Groups are stored of the proc structure. In AFS there is a setpag syscall
that is unrestricted. The only problems I see with using the groups as pag
is that you have to hook setgroups. This makes it a evil hack that should
die.

Love