Re: PROPOSAL: Process Authentication Groups (PAGs)

Albert D. Cahalan (acahalan@cs.uml.edu)
Fri, 20 Feb 1998 17:08:18 -0500 (EST)


> there is a need for finer granularity management of keys
> than a mere mapping to UID (which is what Coda currently does).
...
> One approach is that processes are in "groups" for the purposes
> of distributed file system identities. Usually people acquire an
> identity for a session, expect different identities for different
> sessions, etc. However, the existing UNIX process groupings have
> other purposes -- process groups are used for Job control, and
> sessions are too fine grained (if I run xterm, which will be
> associated with a new pty, I want to be in the same authentication
> group). And UNIX UID does not seem to be sufficient. Hence a new
> grouping, and that grouping is named the PAG, currently.

This looks totally bogus. The UID is how Unix does security.
Users don't share UIDs on any sane system. Try explaining to
a user why they can't edit a file with one login even though
it works fine with another login. Users have enough trouble
as it is.

Assume I want to "break" this system. I start the debugger...
You'd need to consider processes in different PAGs as having
different UIDs. I could edit a file (on ext2 in /tmp even)
that a different PAG uses to store file names... Oh, I've just
broken into my own account. :-)

More useful: POSIX privs and ACLs. There is some existing code
for both. One or both can be done on ext2, UFS, NTFS... and Coda.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu