Capabilities workshop, followup questions

John Howie JHowie at msn.com
Mon Jun 19 05:06:22 GMT 2000


----- Original Message -----
From: "Bart van Leeuwen" <bart at ixori.demon.nl>
To: <posix1e at cyrus.watson.org>
Cc: <trustedbsd-discuss at trustedbsd.org>;
<linux-privs-discuss at sourceforge.net>
Sent: Sunday, June 18, 2000 3:38 PM
Subject: Re: Capabilities workshop, followup questions


> This would imply that a thread can execute, but that any capabilities and
> resources used should be checked against the process that 'owns' the
> thread.

Won't, and shouldn't, work. What happens if you have a daemon that listens
for incoming work requests from clients and creates a thread to process each
request? Now imagine what needs to happen if the thread must run in the
security context of the client. It needs to perform a seteuid(). Should
resource access be checked against the uid of the process? Emphatically, no.
The process will have a different uid and might not have access to the
resources that the thread should. All resource access, and accounting, needs
to be performed at the thread level.

My two cents worth,

john...
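
An added illustration, not part of the original message: on Linux, where the kernel keeps credentials per thread, a worker thread can take a client's uid with the raw setresuid system call while the rest of the process keeps its own, and file access is then checked against the worker's uid. It assumes Linux and a process started as root; the client uid 65534 and the names run_demo and serve_client are made up for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CLIENT_UID 65534            /* constructed client uid for the example */
enum { DEMO_OK, DEMO_UNAVAILABLE }; /* UNAVAILABLE: not root, or uid change refused */
struct demo { int status; uid_t worker_euid, process_euid; int worker_open_errno; };
static const char *secret_path;     /* root-only file created by run_demo() */

/* Worker: assume the client's identity for this thread only, then touch a resource. */
static void *serve_client(void *arg) {
    struct demo *d = arg;
    /* The raw syscall changes only the calling thread. glibc's seteuid()
       wrapper would apply the change to every thread in the process. */
    if (syscall(SYS_setresuid, (uid_t)-1, CLIENT_UID, (uid_t)-1) != 0) { d->status = DEMO_UNAVAILABLE; return NULL; }
    d->worker_euid = (uid_t)syscall(SYS_geteuid);
    int fd = open(secret_path, O_RDONLY);   /* checked against this thread's uid */
    d->worker_open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    return NULL;
}

struct demo run_demo(void) {
    struct demo d = { DEMO_OK, 0, 0, 0 };
    char path[] = "/tmp/thread-cred-XXXXXX";
    if (geteuid() != 0) { d.status = DEMO_UNAVAILABLE; return d; }
    int fd = mkstemp(path);                 /* mode 0600, owned by root */
    if (fd < 0) { d.status = DEMO_UNAVAILABLE; return d; }
    close(fd);
    secret_path = path;
    pthread_t t;
    if (pthread_create(&t, NULL, serve_client, &d) != 0) d.status = DEMO_UNAVAILABLE;
    else pthread_join(t, NULL);
    d.process_euid = geteuid();             /* the main thread's uid is untouched */
    unlink(path);
    return d;
}

int main(void) {
    struct demo d = run_demo();
    if (d.status == DEMO_OK)
        printf("worker euid=%u open errno=%d, main euid=%u\n", d.worker_euid, d.worker_open_errno, d.process_euid);
    else puts("needs root on Linux");
    return 0;
}
```

Build with `cc -pthread` and run as root; without privilege the program reports that the uid change is unavailable.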
