On Wed, 09-07-2003 at 23:25, Seth Nickell wrote:
> Carlos Perelló Marín wrote:
>
> >On Wed, 09-07-2003 at 22:43, Seth Nickell wrote:
> >
> >[...]
> >
> >>   2) User Extensible Metadata in ext3!!! It seems like this is on the
> >>verge of happening (maybe it already happened?), perhaps we could give
> >>it an extra push.
> >
> >The actual kernel 2.5 has ACLs implemented so there is already the
> >Extensible metadata extension because they use it for ACLs :-)
>
> Awesome, I didn't know if that had landed yet.
>
> >[...]
> >
> >>   1) A revised permissions system that allows processes to acquire
> >>multiple permission "tokens" ala the HURD..... so that they can run with
> >>multiple user's permissions. This would allow things like the mouse
> >>preference page to run as the normal user, but if you changed one of the
> >>settings that requires root, we could prompt you for the root password,
> >>pick up root permissions, do the work, then drop the token. Or, in
> >>Nautilus, if you try to copy a file you don't have permission for we
> >>could let you authenticate as root or the owner of the file, do the
> >>work, and then drop the permissions. I imagine the usefulness of this is
> >>not restricted to desktop apps but could be used so that, e.g., moddav
> >>could run as nobody, but when you log in to it, authenticate as you so
> >>that you can access your homedir through WebDAV (oops, guess that was
> >>another desktop application... :-)
> >
> >Perhaps it's already there as a standard that Linux && BSD implement
> >http://www.kernel.org/pub/linux/libs/security/linux-privs/old/doc/linux-privs.html/linux-privs.html
> >
> >I'm not sure the level of implementation for that standard because it
> >seems to be dead :-?
>
> Hmm.... well just scanning the document I didn't see what we needed
> unless it would have been in the unwritten section on "Task/Process
> credentials" :-)

I think it's called capability/privilege:

http://www.kernel.org/pub/linux/libs/security/linux-privs/old/doc/linux-privs.html/linux-privs-3.html

I'm not sure if it will let us do what you are suggesting (and we need),
but it sounds to me as a possible help to solve the problem.

As you can read from the "standard":

"For example, one such idea is to bind privileges to processes instead
of UIDs. That allows you to start daemons like named under a different
UID than root."

My idea is that perhaps you could have a daemon that gives and removes
such privileges when a user asks for them.

http://wt.xpilot.org/publications/posix.1e/

I'm evaluating this feature as a way to implement the Security Server
that has MacOSX (Carlos Garnacho was talking about it inside his GNOME
System Tools talk at GUADEC):

http://www.stepwise.com/Articles/Technical/2001-03-26.01.html
http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/index.html

Cheers.

> -Seth
>
> _______________________________________________
> gnome-hackers mailing list
> gnome-hackers gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-hackers

-- 
Carlos Perelló Marín
Debian GNU/Linux Sid (PowerPC)
Linux Registered User #121232
mailto:carlos pemas net || mailto:carlos gnome org
http://carlos.pemas.net
Valencia - Spain
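The "bind privileges to processes instead of UIDs" idea quoted above can be checked on a Linux system by reading the capability masks the kernel reports in /proc/<pid>/status. The following is an added example, not part of the original thread: the two status excerpts are constructed samples, and the helper names field() and least_privilege_bind() are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE_BIT 10 /* bit number from <linux/capability.h> */

/* Constructed sample: named-like daemon, non-root UID, one capability. */
static const char SAMPLE_DAEMON[] =
    "Uid:\t101\t101\t101\t101\n"
    "CapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\n";
/* Constructed sample: classic root daemon holding a full capability mask. */
static const char SAMPLE_ROOT[] =
    "Uid:\t0\t0\t0\t0\n"
    "CapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\n";

/* Find "key:" at the start of a line and parse the first number after it. */
static int field(const char *status, const char *key, int base, uint64_t *out) {
    size_t klen = strlen(key);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            char *end;
            *out = strtoull(p + klen + 1, &end, base);
            return end == p + klen + 1 ? -1 : 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* 1: non-root and holds only CAP_NET_BIND_SERVICE; 0: broader; -1: bad input. */
int least_privilege_bind(const char *status) {
    uint64_t uid, prm, eff;
    if (field(status, "Uid", 10, &uid) || field(status, "CapPrm", 16, &prm) ||
        field(status, "CapEff", 16, &eff))
        return -1;
    uint64_t want = 1ULL << CAP_NET_BIND_SERVICE_BIT;
    return uid != 0 && prm == want && eff == want;
}

int main(void) {
    printf("daemon: %d\n", least_privilege_bind(SAMPLE_DAEMON));
    printf("root:   %d\n", least_privilege_bind(SAMPLE_ROOT));
    return 0;
}
```

To audit a running daemon, pass the contents of its /proc/<pid>/status file instead of the constructed samples.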