Re: Desktop Kernel Stuff

[Seth Nickell <snickell stanford edu>]

Carlos Perelló Marín wrote:

> El mié, 09-07-2003 a las 22:43, Seth Nickell escribió:
>
> [...]
>
>  
>
> >    2) User Extensible Metadata in ext3!!! It seems like this is on the 
> > verge of happening (maybe it already happened?), perhaps we could give 
> > it an extra push.
> >    
>
> The actual kernel 2.5 has ACLs implemented so there is already the
> Extensible metadata extension because they use it for ACLs :-)
>  
Awesome, I didn't know if that had landed yet.

> [...]
>
>  
>
> >    1) A revised permissions system that allows processes to acquire 
> > multiple permission "tokens" ala the HURD..... so that they can run with 
> > multiple user's permissions. This would allow things like the mouse 
> > preference page to run as the normal user, but if you changed one of the 
> > settings that requires root, we could prompt you for the root password, 
> > pick up root permissions, do the work, then drop the token. Or, in 
> > Nautilus, if you try to copy a file you don't have permission for we 
> > could let you authenticate as root or the owner of the file, do the 
> > work, and then drop the permissions. I imagine the usefulness of this is 
> > not restricted to desktop apps but could be used so that, e.g., moddav 
> > could run as nobody, but when you log in to it, authenticate as you so 
> > that you can access your homedir through WebDAV (oops, guess that was 
> > another desktop application... :-)
> >    
>
>
> Perhaps it's already there as a standard that Linux && BSD implement
> http://www.kernel.org/pub/linux/libs/security/linux-privs/old/doc/linux-privs.html/linux-privs.html
>
> I'm not sure the level of implementation for that standard because it
> seems to be dead :-?
>  
Hmm.... well just scanning the document I didn't see what we needed 
unless it would have been in the unwritten section on "Task/Process 
credentials" :-)

-Seth