Subject: open_as vs fuid
To: None <firstname.lastname@example.org, email@example.com>
From: Michael Richardson <firstname.lastname@example.org>
Date: 11/05/2000 10:53:42
>>>>> "Brett" == Brett Lymn <email@example.com> writes:
Brett> For the folks at home that are trying to follow what this is about
Brett> here is some context:
Thanks for the summary. Useful even for people that have been following.
Brett> before this thread moved here there was a proposal made to add
Brett> another syscall to the kernel that performed the same functions as
Brett> open but allowed the caller to pass a uid/gid pair as additional
Brett> parameters. The idea being that setuid programs could safely
I like this.
>> I really, really don't like the idea of implementing zillions of
>> special-purpose "uid"s.
Brett> Not zillions. If I understand it correctly you can just say "this
Brett> is the uid we will open files as", if this is the case then this
Brett> may be a bit limiting as you may want to open some files as root.
And "fuid" as I'll call it, can be implemented in either user space or
kernel space (think Linux emulation) in terms of open_as(), but not the
fuid may be more secure in the face of buffer overflow attacks, etc.
] Train travel features AC outlets with no take-off restrictions| firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [