On Sun, Apr 16, 2000 at 12:09:12PM -0700, Linda Walsh wrote:
> real user id was implemented as a way to allow SUID programs to
> drop privilege temporarily and then later be able to restore it within the
> same process. As such, it sorta has to track when someone changes UID (except
> under temporary SUID conditions).
Ah, swapping euid and ruid as in BSD (setreuid)? I was thinking of the POSIX
stuff..
What I'm getting at is this: can we not implement the exact semantics you
want for LUID using RUID, only by reconfiguring user space? Just make sure
su doesn't have CAP_SETUID and doesn't try to change its ruid. In fact,
would you even want su in a secured, cap'd system? For admin tasks, you
should be able to raise/assert the required capability without changing the
kernel's idea of who you are. It seems cleaner.
-- Hail Eris!
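Added example, not part of the original message or of kernel source: a simplified user-space model of the setreuid(2) permission rules as the current Linux man page documents them, showing what a setuid process can and cannot do to its real uid without CAP_SETUID. The struct, the function name and the has_cap_setuid flag are hypothetical, the uids are constructed, and kernels from 2000 may have differed in detail.

```c
#include <errno.h>
#include <stdio.h>

#define KEEP (-1) /* same meaning as passing -1 to setreuid(2) */

/* Hypothetical stand-in for the uids the kernel tracks per process. */
struct cred_model { int ruid, euid, suid; };

/* Model of the setreuid(2) checks. has_cap_setuid is an assumption of the
 * model: whether the caller holds CAP_SETUID. Returns 0 and updates *c,
 * or -EPERM and leaves *c untouched. */
int model_setreuid(struct cred_model *c, int ruid, int euid, int has_cap_setuid)
{
    struct cred_model n = *c;

    if (ruid != KEEP) {
        /* Unprivileged: new ruid must be the old ruid or the old euid. */
        if (ruid != c->ruid && ruid != c->euid && !has_cap_setuid)
            return -EPERM;
        n.ruid = ruid;
    }
    if (euid != KEEP) {
        /* Unprivileged: new euid must be the old ruid, euid or suid. */
        if (euid != c->ruid && euid != c->euid && euid != c->suid && !has_cap_setuid)
            return -EPERM;
        n.euid = euid;
    }
    /* The saved uid follows the new euid when ruid is set or euid leaves ruid. */
    if (ruid != KEEP || (euid != KEEP && euid != c->ruid))
        n.suid = n.euid;
    *c = n;
    return 0;
}

int main(void)
{
    /* Constructed case: user 1000 runs a setuid-root program. */
    struct cred_model p = { 1000, 0, 0 };

    /* Without CAP_SETUID, taking on an unrelated identity is refused. */
    printf("to uid 2000: %d\n", model_setreuid(&p, 2000, 2000, 0));
    /* The BSD-style swap still works: temporary drop, then restore. */
    printf("drop: %d", model_setreuid(&p, 0, 1000, 0));
    printf(" -> ruid=%d euid=%d suid=%d\n", p.ruid, p.euid, p.suid);
    printf("restore: %d", model_setreuid(&p, 1000, 0, 0));
    printf(" -> ruid=%d euid=%d suid=%d\n", p.ruid, p.euid, p.suid);
    return 0;
}
```

In this model the permission check alone does not pin the real uid: during the swap the ruid holds the old euid, so ruid only keeps tracking the login identity if the program also refrains from changing it.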