"Albert D. Cahalan" wrote:
> So you only need one system call for this. No CAP_* bit required.
>
> int sysluid(int arg){
> int old = current->luid;
> if(old) return old;
> current->luid = arg;
> return arg;
> }
>
> If login fails to set LUID then, yes, normal users can mess with it.
> This is OK because your system wasn't using it anyway.
--- I like it, unfortunately it won't do everything I need. 1) init should start up with LUID==-1 (it's not a valid login ID). 2) Account 0 should be audited when root logs in. In the above implementation you are relying on root having privileged status. In a capability based system 'root' is just another user to be monitored and may have no privilege.-l
-- Linda A Walsh | Trust Technology, Core Linux, SGI law@sgi.com | Voice: (650) 933-5338
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:25 EST