On Tue, Mar 18, 2008 at 12:13:18AM -0400, der Mouse wrote: > > I don't see why this isn't solved by moving this work to init (not > > the kernel, please). > > In this particular instance, it is. But this is not going to be the > last time some multi-part privileged task causes trouble because > granting the privilege to perform its parts is far more than should be > granted to perform the conceptual task Fair enough (and that's a nice and concise description of the concern we share). However: > and eventually one of them will be impractically difficult to solve > by pushing the whole task into some already-existing privileged > process. .. at which point a more suitable new privileged process is developed to handle the specialised responsibilities involved, including as needed new specialised privileges assigned to a dedicated user that runs this process. This is still unix, surely? -- Dan.
Attachment:
pgpXmFE4KjuvK.pgp
Description: PGP signature