Re: New Security Features, Please Comment

[Peter Teoh]

On Thu, Dec 4, 2008 at 8:00 AM, Geoffrey McRae <geoff@xxxxxxxxxxxxx> wrote:
>
> The setuid/gid concept in linux is very limited, it would be nice to be
> able to grant programs limited use of setuid, and even go one step
> further, grant programs limited ability to set child uids.

Yes, there can be many other variation on what u have just said, eg,
adding conditions whereby the grant can be used, etc.   If u have a
chance to learn a little bit of SELinux, u will know the whole thing
can be very complex, especially the rules and policies configuration.
 It is a fine balance between overheads vs performance and usability.

>
> To be completly honest, this is the kind of functionallity I expected to
> already be there, and I was hopeing someone would tell me to RTFM on
> function X that already does this...
>

Yes, I am sure it exists...and more likely than not, it can be very
application specific, and therefore, will be done by the higher-end
application in userspace.

But looking beyond, is there any other OS that may have something
similar?  (Windows, or OpenBSD etc?)   Not sure for me.

-- 
Regards,
Peter Teoh

Ernest Hemingway - "Never mistake motion for action."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/