Capabilities workshop, followup questions

Bart van Leeuwen bart at ixori.demon.nl
Mon Jun 19 11:41:05 GMT 2000


On Sun, 18 Jun 2000, John Howie wrote:

> 
> ----- Original Message -----
> From: "Bart van Leeuwen" <bart at ixori.demon.nl>
> To: <posix1e at cyrus.watson.org>
> Cc: <trustedbsd-discuss at trustedbsd.org>;
> <linux-privs-discuss at sourceforge.net>
> Sent: Sunday, June 18, 2000 3:38 PM
> Subject: Re: Capabilities workshop, followup questions
> 
> 
> > This would imply that a thread can execute, but that any capabilities and
> > resources used should be checked against the process that 'owns' the
> > thread.
> 
> Won't, and shouldn't, work. What happens if you have a daemon that listens
> for incoming work requests from clients and creates a thread to process each
> request. Now imagine what needs to happen if the thread must run in the
> security context of the client. It needs to perform a seteuid(). Should
> resource access be checked against the uid of the process? Emphatically, no.
> The process will have a different uid and might not have access to the
> resources that the thread should. All resource access, and accounting, needs
> to be performed at the thread level.

Uhm... or such a definition of threads would mean that you cannot do
something like you describe with them and need to find a better way to do
that. My question remains: why not make it a process when you're gonna do
things that are process-like with it?

Bart.
