On 15 Apr, Steve Dodd wrote:
+-----
| On Fri, Apr 14, 2000 at 02:43:16PM -0700, Linda Walsh wrote:
| > Adding support for login user id (auditable user id).
| >
| > 1) adding a variable "luid" to the uid_t line in the task struct
| > 2) adding two system calls - 1 to 'set' and one to 'get' the value.
| > 3) adding CAP_SET_LUID that allows setting setting the luid.
|
| Hmmm, I don't think I've understood this; how does this differ from the
| real userid?
+--->8
The security level formerly known as C2 requires the system to keep a
"login UID"; this ID never changes, regardless of real or effective UID
changes, and is used to record the actual user who performed some
audited action. System daemons run with LUID 0, which is the only LUID
permitted to change its LUID; if a process has a nonzero LUID, it can
not change its LUID for any reason.
--
brandon s. allbery os/2,linux,solaris,perl allbery@kf8nh.apk.net
system administrator kthkrb,heimdal,gnome,rt allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering kf8nh
We are Linux. Resistance is an indication that you missed the point.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:25 EST