Re: setuids() like setgroups() ?

Alan Cox (alan@lxorguk.ukuu.org.uk)
Fri, 16 Apr 1999 14:04:47 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Nomad the Wanderer: "Re: 2.2.5-ac6 breaks lp0?"
Previous message: Christian von Roques: "Re: caps in elf, next itteration (the hack get's bigger)"

> >I've probably said this many times before, but passing being able to
> >pass an UID from one process to another using IPC is more flexible
> >than the above.
>
> Yes, but if you have a lot of UIDs to switch between (for apache each
> request can potentially be for a different UID) it would mean
> a context switch for every request. I don't know ho much that would
> influence performance.

Passing uids is only one way of solving the problem though. All the other
methods continue to apply. Uid passing lets you have centralised credential
services.

No more setuid login programs - login has to provide authentication to
the authentication server and then it will get a uid back if valid.

Its also about 200 lines of code if that for the kernel

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nomad the Wanderer: "Re: 2.2.5-ac6 breaks lp0?"
Previous message: Christian von Roques: "Re: caps in elf, next itteration (the hack get's bigger)"