[future patch] dropping user privileges on demand

[Pawel Jakub Dawidek]

On Thu, Aug 21, 2003 at 08:50:28AM -0400, ari wrote:
+> However, systrace is a good bit more complex than this should be, and
+> the performance penalty can be significant.  Neither programmers nor
+> admins should be expected to implement something that slows down their
+> programs on a wide scale, even if it would be advisable from a security
+> standpoint.  The implementation of flowpriv, however, will have a
+> negligible performance impact (about three memory references per system
+> call).  I _do_ believe that systrace and flowpriv should work together,
+> but i don't believe they should be consolidated.

Let me explain you something. "flowpriv" isn't a well known standard.
If you susspect that developers will rewrite their programms (and there
are many things for rewritting to use such mechanism) you're wrong.
This is my opinion.
That's why I've decide to create CerbNG - it is totally transparent
for applications and I think Niels Provos shares my opinion in systrace.

-- 
Pawel Jakub Dawidek                       pawel at dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20030821/4f95a812/attachment.bin