Subject: Re: CVS commit: src/etc
To: Jason Thorpe <>
From: Steven M. Bellovin <>
List: tech-userlevel
Date: 04/06/2005 18:51:16
In message <>, Jason Thorpe 
>On Apr 6, 2005, at 12:20 PM, Steven M. Bellovin wrote:
>>> What about introducing a concept of nonce-uids? Each process would
>>> be assigned a temporary uid distinct from all other extant
>>> uids. This would be even more powerful than the
>>> dummy-uid-per-daemon model, since it would prevent (say) two
>>> pflogd processes from interfering with each other.
>> A good idea, but we still need a way to say what files it can access,
>> which is why I mentioned systrace.
>Right, and with systrace, you don't even need separate UIDs.  User  
>"daemon" plus a well-written systrace policy should pretty much cover  

Yup -- but we need the policies and, I suspect, a framework to use them 

		--Prof. Steven M. Bellovin,