Re: setpeuid(pid_t, uid_t) proposal

From: Valdis . Kletnieks
Date: Tue Aug 24 2004 - 00:59:22 EST

Next message: Paul Mackerras: "[PATCH] PPC64 Fix enable_surveillance() for power5"
Previous message: Christoph Lameter: "Re: page fault scalability patch v3: use cmpxchg, make rss atomic"
Next in thread: Jerry Haltom: "Re: setpeuid(pid_t, uid_t) proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 23 Aug 2004 23:50:05 CDT, Jerry Haltom said:

> Apache runs as a low privledge user, but can obtain the permissions of
> the user that requested the service. Apache can't give itself access, so
> it relies on a seperate process to do so. A request is received to
> Apache. The request comes with authentication information (in a number
> of forms, Basic, Kerberos (GSSAPI), CRAM, NTLM, whatever). The
> authentication information is received by the Apache module that handles
> the specific authentication type. This module passes the security
> information to a seperate stand alone daemon, which is running as root.
> This daemon is highly audited and does one purpose, and does it well.

What does this buy you that having the separate daemon just do
a fork/seteuid/exec to do the work, and passing the results back via a
Unix socket or shared mem or what-have-you?

Alternatively, what would this give you that isn't already done by
the SELinux support for cron, or Apache suexec, which already allow
"run the following in another context" functionality?

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Paul Mackerras: "[PATCH] PPC64 Fix enable_surveillance() for power5"
Previous message: Christoph Lameter: "Re: page fault scalability patch v3: use cmpxchg, make rss atomic"
Next in thread: Jerry Haltom: "Re: setpeuid(pid_t, uid_t) proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]