Re: (was: Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices)

[Joerg Schilling]

John Myers <electronerd@xxxxxxxxxxxxxx> wrote:

> | cdrecord neither does drop the privileges by accident nor by malice.
>
> I wasn't trying to insult cdrecord, or even suggest it might have the
> inkling of a possibility of this type of issue, and I am sorry if I made
> it sound that way. I was merely trying to illustrate a use of my
> proposal. I admit, I should have invented a name, like
> cd-burning-fire-toaster-program to illustrate the separation of my
> example from any actual existing implementation

It was not you, but other people did write that cdrecord is broken
although only the kernel did change in an incompatible way.

> | On a cleanly designed OS with fine grained permissions, a program like
> cdrecord
> | does not need to worry about the permissions as it gets exactly the
> needed
> | permissions granted by the execution environment.
> |
> | Jörg
> |
>
> Which is exactly what I proposed...
>
>
> So... could anyone comment on my proposal, rather than just flame my
> examples?

I did not flame your examples, but if you thought of the same thigs, you may 
have been not obvious enough with your explanation.

On Solaris, this is done by /usr/bin/pfexec (the only suid root binary) that 
calls /usr/bin/ppriv -e which executes a process with the privilleges that are 
in the privilleges database.

Jörg

-- 
 EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
       js@xxxxxxxxxxxxxxx		(uni)  If you don't have iso-8859-1
       schilling@xxxxxxxxxxxxxxxxxxx	(work) chars I am J"org Schilling
 URL:  http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/