Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 28 Aug 2002 07:49:30 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 28 Aug 2002 07:48:38 -0400 Received: from mail.cert.uni-stuttgart.de ([129.69.16.17]:35036 "EHLO Mail.CERT.Uni-Stuttgart.DE") by vger.kernel.org with ESMTP id ; Wed, 28 Aug 2002 07:47:47 -0400 To: linux-kernel@vger.kernel.org Subject: Re: problems with changing UID/GID References: <20020826133028.GA21965@cissol7.cis.nctu.edu.tw> <1030369551.1750.4.camel@irongate.swansea.linux.org.uk> Mail-Followup-To: linux-kernel@vger.kernel.org From: Florian Weimer Date: Wed, 28 Aug 2002 13:51:58 +0200 In-Reply-To: <1030369551.1750.4.camel@irongate.swansea.linux.org.uk> (Alan Cox's message of "26 Aug 2002 14:45:51 +0100") Message-ID: <871y8jxktd.fsf@Login.CERT.Uni-Stuttgart.DE> User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1176 Lines: 24 Alan Cox writes: >> But, the credentials are per-task in Linux, so it's possible to have >> two tasks in a process running under different UIDs. > > Really useful isnt it And not supported by GNU libc, neither officially nor by the current implementation. :-( I'd really like to have an explicit parameter for all these process attributes (the credentials, chroot, maybe something else I'm missing here; some kind of handle is probably required). chroot() on open() wouldn't have to require privileges, so it could help web servers quite a bit. Some day, I'm going to implement something like this in userspace (using a privileged daemon and file descriptor passing). But performance will be horrible. -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/