Re: Desktop Kernel Stuff



On Wed, 09-07-2003 at 23:25, Seth Nickell wrote:
> Carlos Perelló Marín wrote:
> 
> >On Wed, 09-07-2003 at 22:43, Seth Nickell wrote:
> >
> >[...]
> >
> >  
> >
> >>    2) User Extensible Metadata in ext3!!! It seems like this is on the 
> >>verge of happening (maybe it already happened?), perhaps we could give 
> >>it an extra push.
> >>    
> >>
> >
> >The actual kernel 2.5 has ACLs implemented so there is already the
> >Extensible metadata extension because they use it for ACLs :-)
> >  
> >
> Awesome, I didn't know if that had landed yet.
> 
> >[...]
> >
> >  
> >
> >>    1) A revised permissions system that allows processes to acquire 
> >>multiple permission "tokens" ala the HURD..... so that they can run with 
> >>multiple user's permissions. This would allow things like the mouse 
> >>preference page to run as the normal user, but if you changed one of the 
> >>settings that requires root, we could prompt you for the root password, 
> >>pick up root permissions, do the work, then drop the token. Or, in 
> >>Nautilus, if you try to copy a file you don't have permission for we 
> >>could let you authenticate as root or the owner of the file, do the 
> >>work, and then drop the permissions. I imagine the usefulness of this is 
> >>not restricted to desktop apps but could be used so that, e.g., moddav 
> >>could run as nobody, but when you log in to it, authenticate as you so 
> >>that you can access your homedir through WebDAV (oops, guess that was 
> >>another desktop application... :-)
> >>    
> >>
> >
> >
> >Perhaps it's already there as a standard that Linux && BSD implement
> >http://www.kernel.org/pub/linux/libs/security/linux-privs/old/doc/linux-privs.html/linux-privs.html
> >
> >I'm not sure the level of implementation for that standard because it
> >seems to be dead :-?
> >  
> >
> Hmm.... well just scanning the document I didn't see what we needed 
> unless it would have been in the unwritten section on "Task/Process 
> credentials" :-)
> 

I think it's called capability/privilege:

http://www.kernel.org/pub/linux/libs/security/linux-privs/old/doc/linux-privs.html/linux-privs-3.html

I'm not sure if it will let us do what you are suggesting (and we need),
but it sounds to me like a possible help to solve the problem.

As you can read from the "standard": "For example, one such idea is to
bind privileges to processes instead of UIDs. That allows you to start
daemons like named under a different UID than root." My idea is that
perhaps you could have a daemon that gives and removes such privileges
when a user asks for them.

http://wt.xpilot.org/publications/posix.1e/


I'm evaluating this feature as a way to implement the Security Server
that MacOSX has (Carlos Garnacho was talking about it inside his GNOME
System Tools talk at GUADEC):
http://www.stepwise.com/Articles/Technical/2001-03-26.01.html
http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/index.html

Cheers.

> -Seth
> 
-- 
Carlos Perelló Marín
Debian GNU/Linux Sid (PowerPC)
Linux Registered User #121232
mailto:carlos pemas net || mailto:carlos gnome org
http://carlos.pemas.net
Valencia - Spain
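
Added example, not part of the original message or of any project mentioned in it: a small audit that reads the capability masks Linux exposes in /proc/<pid>/status and reports non-root processes holding privileges, which is the "privileges bound to processes instead of UIDs" case quoted above. The status excerpts, the UID 25 for named and the "prefs-helper" process are constructed for illustration, and the bit names assume the numbering in current Linux <linux/capability.h>.

```python
# Added example (not from the thread): audit capability sets from /proc/<pid>/status text.
# Bit numbers follow current Linux <linux/capability.h>; only the first 32 are named here.
CAP_NAMES = ("CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID "
             "CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE "
             "CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW "
             "CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT "
             "CAP_SYS_PTRACE CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE "
             "CAP_SYS_RESOURCE CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE "
             "CAP_AUDIT_WRITE CAP_AUDIT_CONTROL CAP_SETFCAP").split()

# Constructed samples: a daemon running as a non-root UID with one capability,
# a hypothetical helper that may raise CAP_SYS_TIME but has not, and a plain shell.
SAMPLES = [
    "Name:\tnamed\nUid:\t25\t25\t25\t25\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n",
    "Name:\tprefs-helper\nUid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000002000000\nCapEff:\t0000000000000000\n",
    "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n",
]

def decode_caps(mask_hex):
    """Turn a hex capability mask into a list of capability names."""
    mask = int(mask_hex, 16)
    names = [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    high = mask >> len(CAP_NAMES)
    if high:  # bits this table does not name are reported, not silently dropped
        names.append("UNNAMED_HIGH_BITS(0x%x)" % high)
    return names

def parse_status(text):
    """Extract name, effective UID and capability sets from one status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return {"name": fields["Name"][0],
            "euid": int(fields["Uid"][1]),  # Uid: real, effective, saved, fs
            "permitted": decode_caps(fields["CapPrm"][0]),
            "effective": decode_caps(fields["CapEff"][0])}

def audit(status_texts):
    """Return non-root processes that hold any permitted capability."""
    findings = []
    for text in status_texts:
        proc = parse_status(text)
        if proc["euid"] != 0 and proc["permitted"]:
            # dormant = may be raised later, but not active right now
            proc["dormant"] = sorted(set(proc["permitted"]) - set(proc["effective"]))
            findings.append(proc)
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLES):
        print(f["name"], f["euid"], "effective:", f["effective"], "dormant:", f["dormant"])
```

On a live system the same functions can be fed the contents of /proc/<pid>/status files instead of SAMPLES.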
