On Fri, Dec 21, 2001 at 04:23:46PM +0000, xs@kittenz.org wrote:

 > What about a passwdfs, implemented in a similar way to portalfs? This could
 > be set up in a way such that a binary that does authentication doesn't
 > necessarily need to be s[gu]id or run as root.
 > 
 >     echo 'mypass' >/pass/myuser/chk; echo $?
 > 
 > assuming echo checks the return value of write(2).

Well, there's a much simpler way of doing this -- BSD-Auth (originally by
BSDI).

However, the problem with both of these methods is authentication schemes
that need to modify the current process's context.  AFS's authentication
scheme is one such example (need to push your credentials up into the
kernel so that you can perform file access).

 > Couldn't ld.elf_so be statically linked in, but the rest dynamically
 > linked? Or am I missing something?

You're missing something ... in ELF, the interpreter (ld.elf_so) is loaded
by the kernel, not the user process.  The transfer of control looks like
this:

	kernel -> ld.elf_so -> program __start()

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>