|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: CVS commit: src/etc
From: Christopher Richards (richards+netbsd
CS.Princeton.EDU)
Date: Wed Apr 06 2005 - 14:15:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 06 Apr 2005 13:22:02 -0400, Steven M. Bellovin wrote:
> There are often lots of reasons to disagree with them; this isn't one
> of them. We really want to limit the damages that can be done by any
> single malfunctioning program.
>
> A more interesting question is whether or not there's a better way,
> since lots of special-purpose logins create their own manageability
> headaches. Perhaps something with systrace?
What about introducing a concept of nonce-uids? Each process would
be assigned a temporary uid distinct from all other extant
uids. This would be even more powerful than the
dummy-uid-per-daemon model, since it would prevent (say) two
pflogd processes from interfering with each other.
--
Chris
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]