[future patch] dropping user privileges on demand

Dan Nelson dnelson at allantgroup.com
Wed Aug 20 23:58:58 PDT 2003


In the last episode (Aug 17), ari said:
> Currently, root is the only user that can actually drop significant
> privileges, as root is the only user that has access to such
> functions. This is flawed --- any user should be able to relinquish
> his privileges, and I've begun a patch to put this into effect.

Have you taken a look at Cerb?  http://cerber.sourceforge.net/

It does something similar, but uses a C-like language to control a
process's actions.  This lets you get extremely fine-grained control
(allow httpd to bind to only port 80, once), but the rules run as
"root", so they can grant as well as revoke privileges.  A useful
modification would be to allow users to submit their own policies that
can only disallow actions (i.e. all arguments and process variables are
read-only, and the script can either pass the syscall through or return
a failure code, nothing else).

-- 
	Dan Nelson
	dnelson at allantgroup.com


More information about the freebsd-hackers mailing list