Re: Desktop Kernel Stuff



Carlos Perelló Marín wrote:

El mié, 09-07-2003 a las 22:43, Seth Nickell escribió:

[...]

2) User Extensible Metadata in ext3!!! It seems like this is on the verge of happening (maybe it already happened?), perhaps we could give it an extra push.

The actual kernel 2.5 has ACLs implemented so there is already the
Extensible metadata extension because they use it for ACLs :-)
Awesome, I didn't know if that had landed yet.

[...]

1) A revised permissions system that allows processes to acquire multiple permission "tokens" ala the HURD..... so that they can run with multiple user's permissions. This would allow things like the mouse preference page to run as the normal user, but if you changed one of the settings that requires root, we could prompt you for the root password, pick up root permissions, do the work, then drop the token. Or, in Nautilus, if you try to copy a file you don't have permission for we could let you authenticate as root or the owner of the file, do the work, and then drop the permissions. I imagine the usefulness of this is not restricted to desktop apps but could be used so that, e.g., moddav could run as nobody, but when you log in to it, authenticate as you so that you can access your homedir through WebDAV (oops, guess that was another desktop application... :-)


Perhaps it's already there as a standard that Linux && BSD implement
http://www.kernel.org/pub/linux/libs/security/linux-privs/old/doc/linux-privs.html/linux-privs.html

I'm not sure the level of implementation for that standard because it
seems to be dead :-?
Hmm.... well just scanning the document I didn't see what we needed unless it would have been in the unwritten section on "Task/Process credentials" :-)

-Seth




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]