> Given widespread kernel support for getpeereuid(), it's easy to split a > setuid program. All you have to do is identify the atomic operations > that the program performs upon restricted files, and move the code for > those operations to a separate daemon. getpeeruid() is the wrong semantics though. If you look at the Linux credential passing it is done per message. A blind implementation of uid per socket pair makes it rather hard to handle datagram based services, to pick up on uid changes the other end etc. Alan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:18 PDT