In message <E0zyhRE-00013T-00at_private>, Nick Maclaren writes:
>Consider things like job schedulers, printing systems and so on. User
>A calls one of those, which runs as user B. It then calls mail - the
>examples were chosen because both of them do precisely that. Which
>is the user identification that the mailer should use?

In this case, a concept similar to "session IDs" would help: a session ID records the original identity of the user that initiated this login session. It is copied across all su calls, and inherited by fork and exec calls. Thus, the process running as user B still has a session ID of user A. Hence, when it calls the mailer, the session ID is still user A, which can be used for access control checking.

Granted a system call may now be needed to get_session_id() or similar, but if you trust the kernel, you can trust the session ID.

Session IDs are found in the HPUX kernel (they're called audit ID) and I think most other kernels support some notion of a session ID inherited across processes.

Note: a process cannot change its session ID. It is set by the kernel when the login process execs the process group leader. It never changes from then on in. It is usually stored in some "trusted database" so that you can go back over time and map session IDs to actual real people.

Just a thought...

Mark

>Regards,
>Nick Maclaren,
>University of Cambridge Computing Service,
>New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
>Email: nmm1at_private
>Tel.: +44 1223 334761 Fax: +44 1223 334679

--
Mark Crosbie                 http://www.best.com/~mcrosbie
Hewlett-Packard MS 47 LA     mcrosbieat_private
19447 Pruneridge Avenue      (408) 447-2308
Cupertino, CA 95014          (408) 447-6766 FAX
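The inherited session ID described in the message above has a Linux counterpart in the audit login UID, readable at /proc/self/loginuid (an assumption here: the message itself names only the HP-UX audit ID). The following is an added example, not part of the original post, of how a mailer run by a service as user B could recover the initiating user; the function names and the fallback to the effective UID are hypothetical choices of this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* (uint32_t)-1 in the loginuid file means no login session was recorded,
 * e.g. a daemon started at boot rather than from a login. */
#define SESSION_UNSET 4294967295UL

/* Parse the text of a loginuid file. Returns 0 and stores the ID on
 * success, -1 if the text is malformed or the session ID is unset. */
int parse_session_id(const char *text, unsigned long *id)
{
    char *end;
    if (text[0] < '0' || text[0] > '9') return -1;   /* no sign, no blanks */
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno == ERANGE) return -1;
    while (*end == '\n' || *end == ' ') end++;
    if (*end != '\0') return -1;                     /* trailing garbage */
    if (v >= SESSION_UNSET) return -1;               /* unset or out of range */
    *id = v;
    return 0;
}

/* Identity a mailer should attribute the request to: the session ID when
 * one is set, otherwise the effective UID (hypothetical fallback policy).
 * *from_session tells the caller which of the two was used. */
unsigned long mailer_identity(const char *loginuid_text, unsigned long euid,
                              int *from_session)
{
    unsigned long id;
    *from_session = loginuid_text && parse_session_id(loginuid_text, &id) == 0;
    return *from_session ? id : euid;
}

int main(void)
{
    char buf[32] = "";
    int have = 0, from_session;
    FILE *f = fopen("/proc/self/loginuid", "r");     /* Linux with audit support */
    if (f) {
        have = fgets(buf, sizeof buf, f) != NULL;
        fclose(f);
    }
    unsigned long who = mailer_identity(have ? buf : NULL,
                                        (unsigned long)geteuid(), &from_session);
    printf("euid=%lu attributed-to=%lu (%s)\n", (unsigned long)geteuid(), who,
           from_session ? "session ID" : "no session ID, fell back to euid");
    return 0;
}
```

Run under su or sudo from a login shell on a system with audit enabled, the effective UID changes while the attributed ID stays that of the user who logged in.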
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:21 PDT