Subject: Re: per-user /tmp
To: Elad Efrat <elad@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 02/04/2007 07:47:42

On Sun, 04 Feb 2007 06:57:21 +0200
Elad Efrat <elad@NetBSD.org> wrote:

> 
> christos suggested we can make the code in login(1) a bit smarter: it
> would readlink("/tmp") and if it's a symlink, it would take the
> component of the link target up to "@uid" (say, "/private/tmp", in
> the case of "/private/tmp/@uid") and create the private temp dir
> there.
> 

Maybe we can think a bit more ambitiously about this, and have
per-process mounted file systems, similar to Plan 9's.  These would be
inherited via fork(), of course.

My suggestion raises some interesting questions for setuid programs,
but I suspect that yours does, too.



		--Steve Bellovin, http://www.cs.columbia.edu/~smb
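
The readlink("/tmp") approach described in the quoted suggestion, sketched in C as an added example; it is not code from NetBSD's login(1) or from either poster. The function names are hypothetical, and it assumes the base directory (for example "/private/tmp") is writable only by root, so nothing can be swapped in between mkdir() and lchown().

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy the link target minus its trailing "/@uid" into out; -1 if malformed. */
int private_tmp_base(const char *target, char *out, size_t outlen)
{
    static const char suffix[] = "/@uid";
    size_t tlen = strlen(target), slen = sizeof(suffix) - 1;
    if (target[0] != '/' || tlen <= slen || tlen - slen >= outlen ||
        strcmp(target + tlen - slen, suffix) != 0)
        return -1;
    memcpy(out, target, tlen - slen);
    out[tlen - slen] = '\0';
    return 0;
}

/* Create base/<uid> (mode 0700, owned by uid), or accept an existing one
 * only if it passes the same checks. Returns 0 on success, -1 otherwise. */
int make_private_tmp(const char *base, uid_t uid, char *path, size_t pathlen)
{
    struct stat st;
    int n = snprintf(path, pathlen, "%s/%lu", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= pathlen)
        return -1;
    /* Only a directory we just created is handed to uid; never re-own one. */
    if (mkdir(path, 0700) == 0 ? lchown(path, uid, (gid_t)-1) != 0
                               : errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink planted at this name must be rejected. */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != uid || (st.st_mode & 077) != 0)
        return -1;
    return 0;
}

/* tmp_link is normally "/tmp"; fails unless it is a symlink ending in "/@uid". */
int setup_private_tmp(const char *tmp_link, uid_t uid, char *path, size_t pathlen)
{
    char target[1024], base[1024];
    ssize_t n = readlink(tmp_link, target, sizeof(target) - 1);
    if (n < 0)
        return -1;
    target[n] = '\0';
    return private_tmp_base(target, base, sizeof(base)) != 0 ? -1
         : make_private_tmp(base, uid, path, pathlen);
}
```

If /tmp is not a symlink, or its target does not end in "/@uid", setup_private_tmp() returns -1 and the caller leaves the shared /tmp alone.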