Indeed. The other thing I was thinking about would be something like
struct switchuid {
uid_t uid;
uid_t uid_range;
gid_t gid;
gid_t gid_range;
};
int setswitchuids(size_t size, struct userids list[]);
int getswitchuids(size_t size, struct userids list[]);
int switchuid(struct userids *);
However, this is very non-standard and the cances of this getting
implemented are very low, I guess. The reason I am asking this is that
I am considering hacking Apache and the kernel for UID swtching -
wondering if it should be a quick&dirty local hack, or something reasonably
clean so I can try to get it integrated into Linux and Apache.
>No more setuid login programs - login has to provide authentication to
>the authentication server and then it will get a uid back if valid.
>Its also about 200 lines of code if that for the kernel
Aha, that would be SCM_SETCREDENTIALS ? I'm curious about this. It
seems to be the easiest (and most probable) solution for now.
Mike.
-- Indifference will certainly be the downfall of mankind, but who cares?- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/