Re: Proposal "LUID"

From: allbery@kf8nh.apk.net
Date: Sun Apr 16 2000 - 14:25:48 EST


On 15 Apr, Jan Harkes wrote:
+-----
| > How do people feel about the following proposal:
| > Adding support for login user id (auditable user id).
| >
| > 1) adding a variable "luid" to the uid_t line in the task struct
| > 2) adding two system calls - 1 to 'set' and one to 'get' the value.
| > 3) adding CAP_SET_LUID that allows setting the luid
|
| This sounds remarkably close to the process authentication group (PAG),
+--->8

It's not. PAGs are used for permissions; LUIDs are used only for
*logging*. There are no permissions associated with the LUID; it's
simply a way to track actions performed by a user based on who they
logged in as, across any uid changes (including real user ID changes,
as with su).

CCAP ("C2") security requires logging/auditing by LUID.

-- 
brandon s. allbery	   os/2,linux,solaris,perl	allbery@kf8nh.apk.net
system administrator	   kthkrb,heimdal,gnome,rt	  allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering			kf8nh
    We are Linux. Resistance is an indication that you missed the point.
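
An added illustration, not part of the original message and not kernel code: a userspace C model of the distinction drawn in the reply, where the luid survives a uid change and is never consulted for permissions. `struct task`, `task_setluid`, `task_getluid`, `task_setuid`, `may_write` and `session` are hypothetical names, and the capability is modelled as a plain bit independent of uid.

```c
/* Userspace model of the proposed semantics; not kernel code. */
#include <stdio.h>
#define CAP_SET_LUID 0x1u   /* model bit; value is constructed */

struct task {
    unsigned uid, euid;     /* identities used for permission checks */
    unsigned luid;          /* login uid: recorded for audit only */
    unsigned caps;
};

/* The proposed "set" call: refused without CAP_SET_LUID. */
int task_setluid(struct task *t, unsigned luid) {
    if (!(t->caps & CAP_SET_LUID)) return -1;
    t->luid = luid;
    return 0;
}

/* The proposed "get" call. */
unsigned task_getluid(const struct task *t) { return t->luid; }

/* Real uid change, as su performs; luid is left alone. */
int task_setuid(struct task *t, unsigned uid) {
    if (t->euid != 0 && uid != t->uid) return -1;
    t->uid = t->euid = uid;
    return 0;
}

/* Permission check: consults euid, never luid. */
int may_write(const struct task *t, unsigned owner) {
    return t->euid == 0 || t->euid == owner;
}

/* Constructed session: login as 1000, then su to root. */
struct task session(void) {
    struct task t = { 0, 0, (unsigned)-1, CAP_SET_LUID };  /* login process */
    task_setluid(&t, 1000);
    task_setuid(&t, 1000);
    t.caps = 0;             /* user's shell holds no capabilities */
    t.euid = 0;             /* exec of setuid-root su (modelled) */
    task_setuid(&t, 0);
    return t;
}

int main(void) {
    struct task t = session();
    printf("audit: luid=%u uid=%u op=write allowed=%d\n",
           task_getluid(&t), t.uid, may_write(&t, 0));
    return 0;
}
```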

This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:09 EST