On Mon, 17 Apr 2000, Anton Ivanov wrote:
> It is rumored that on 17-Apr-2000 Rik van Riel wrote:
> > I'd chose security over a piece of paper any day. I'm willing
> > to integrate sensible things from CCAP/C2, but I haven't seen
> > any convincing argument for LUID yet...
>
> 1. su to root, sudoers, etc at an increased security level
> should be permitted based on luid. Thus chain compromises based
> on sniffed keyboard become harder.
Not really. If you have sniffed someone's password you can login
as that person without leaving behind any trace that it was you
who got their password.
> 2. if luid and setluid privileges are implemented tracking
> quotas becomes much easier and more consistant.
IMHO quotas shouldn't be tracked by luid, but by euid. The
euid determines the rights a process has for filesystem access,
sending of signals and loads of other stuff, so it's only
natural that quotas are charged per euid too.
Alternatively, we could charge quota's to _both_ and maintain
the more restrictive of the two.
> 3. The most important and elementary application which exists in
> almost all luid systems I 've seen is the privilege to daemonize
> to depend on luid. This is a very effective way to keep track of
> run-away stuff on a busy system.
This would be the same as the ability to daemonize on
uid/euid/ruid... I don't see any advantage of having an
luid here.
regards,
Rik
-- The Internet is not a network of computers. It is a network of people. That is its real strength.Wanna talk about the kernel? irc.openprojects.net / #kernelnewbies http://www.conectiva.com/ http://www.surriel.com/
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:10 EST