> How do people feel about the following proposal:
>
> Adding support for login user id (auditable user id).
>
> 1) adding a variable "luid" to the uid_t line in the task struct
> 2) adding two system calls - 1 to 'set' and one to 'get' the value.
> 3) adding CAP_SET_LUID that allows setting setting the luid
This sound remarkably close to the process authentication group (PAG),
which AFS uses (and Coda would like to use). It was brought up about 2
years ago by Peter Braam, but either no concensus was reached or Linus
didn't like it ;)
The problem I see with LUIDs, which PAGs avoid is that with a user-id is
is impossible to distinguish applications that were started by a user
logging in at different times, or in multiple simultaneous sessions.
i.e. a valid user who logging in from the console compared to a user who
just managed to start a compromised shell by hacking some daemon.
I'll give a short recap of the PAG concept, in case anyone missed the
previous discussion.
Assume 2 new sytem calls, getpag(2) and newpag(2).
getpag - returns the current pag. The pag is ofcourse inherited across
fork etc.
newpag - the _kernel_ assigns the current process a new pag.
If pags are 64-bit, the allocation of new pags could probably be as
simple as incrementing a global pag counter. The allocation of pags
could be logged by the kernel to allow a user space application to keep
track of who `switched identity'.
(i.e. "..... kernel: PAG #123 -> #128 by 'login' pid 243")
Well, I guess you get the idea.
Jan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:27 EST