Subject: Re: Upcoming security model abstraction
To: Elad Efrat <email@example.com>
From: Travis H. <firstname.lastname@example.org>
Date: 08/25/2006 02:32:33
On 8/24/06, Elad Efrat <email@example.com> wrote:
> - You are very strongly discouraged from directly comparing
> user/group-ids as means for authorization.
What, you mean I can't change bind(2) to only allow uid 48 (apache, on
most Linux installs) to bind to port 80?
HHOS... it's about time to put an end to hardcoded uid/gids in the
kernel. Funny thing, most people care about usernames, not uids, so
the domain of discourse is not the same as the problem domain, and
that's not good to do too often.
A while back Ptacek changed all the networking code on his box to
compare against a special "network" uid for privileges to bind to
ports 1-1024... gross, but it was effective at getting closer to a
"least privilege" system. I always thought there had to be a more
elegant way of dividing them up. I can handle one magic uid, but
several is pushing it.
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484