> > I remember Linus mentioning that he had been convinced that doing this
> > stuff completely at the user-level (assumedly via a libc shim) is superior
> > to kernel-level, but I never saw how you can make such a technique secure.
>
> Take a look at userfs, that is secure if mounted nosuid (as it will always
> be). Hurd has some work on user level translators too, including in theory
> the ability to have setuid binaries (but only setuid to the things the owner
> of the translator could setuid to).
Yes, I know userfs could be secure, but it is also broken currently. (Or
was the last time I looked.) The libc approach which Linus mentioned would
have the extreme benefit of simplicity of implementation.
> Alan
-- Kenneth Albanowski (kjahds@kjahds.com, CIS: 70705,126)