l4-hurd

Re: Design principles and ethics


From: Bas Wijnen
Subject: Re: Design principles and ethics
Date: Sun, 30 Apr 2006 20:08:01 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Sun, Apr 30, 2006 at 07:57:00PM +0200, Tom Bachmann wrote:
> > I wasn't replying to "what about /bin/passwd?", but to "what about setuid
> > programs?", which seemed to be what he meant.
> 
> OK. Are there any setuid binaries we want? To my view, setuid is just a
> Unix invention to circumvent the very coarse grained access control.

It is, but our version wouldn't give a whole uid (really a session, as your
shell has), but only specific capabilities.  The idea is the same though: the
user may be permitted to use certain capabilities only through trusted
programs.  Device drivers are an example.  They advertise themselves to the
user by delivering a capability in the terminal that the user logs on to.
This isn't a capability to the actual hardware, but only to some program which
controls that capability for you (in a restricted way).

It is likely that all setuid programs will really end up being continuously
running servers that you can call.  That's one of the good things about a
persistent system.  It wouldn't really be doable to set all that up at boot
time on a non-persistent system, and it would cost too many resources.  None
of these is a problem with persistence (and processes which get completely
paged out).

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

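As an added illustration (not part of this thread), a toy Python model of the attenuation Bas describes: a continuously running driver server keeps the real device capability and hands each logged-in user only a restricted proxy, contrasted with a setuid-style grant of the whole device. All names and the allocation table are constructed for the example, and the model relies on Python convention where a real capability system has kernel enforcement.

```python
# Toy model of attenuated capabilities vs. a whole-uid (setuid) grant.
# Names (DiskDevice, DriverServer, UserDiskCapability) are constructed here.

class DiskDevice:
    """The raw device. Holding this object is the setuid/whole-uid situation:
    every block can be read or written."""

    def __init__(self):
        self.blocks = {}

    def read(self, block):
        return self.blocks.get(block, b"")

    def write(self, block, data):
        self.blocks[block] = data


class UserDiskCapability:
    """What lands in the user's terminal at login: a capability to the driver's
    restricted view of the device, never to the hardware itself."""

    def __init__(self, device, allowed_blocks):
        self._device = device                  # private by convention only
        self._allowed = frozenset(allowed_blocks)

    def _check(self, block):
        if block not in self._allowed:
            raise PermissionError(f"block {block} not granted")

    def read(self, block):
        self._check(block)
        return self._device.read(block)

    def write(self, block, data):
        self._check(block)
        self._device.write(block, data)


class DriverServer:
    """Continuously running server that owns the device (the persistent-system
    replacement for a setuid helper). The allocation table is constructed."""

    def __init__(self, device, allocation):
        self._device = device
        self._allocation = allocation          # user -> blocks that user may use

    def capability_for_login(self, user):
        return UserDiskCapability(self._device, self._allocation.get(user, ()))


def whole_uid_grant(device):
    """The setuid analogue: the caller receives the unattenuated device."""
    return device
```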

