Re: Proposal: restrict link(2)

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sat, 14 Dec 1996 00:20:02 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Harald Koenig: "Re: Proposal: restrict link(2)"
Previous message: Alan Cox: "Re: performance tweak for web/file servers"
In reply to: Stephen R. van den Berg: "Re: Proposal: restrict link(2)"
Next in thread: Illuminati Primus: "Re: Proposal: restrict link(2)"
Reply: Illuminati Primus: "Re: Proposal: restrict link(2)"

> Difficult, perhaps, but not impossible. Just program with a devious
> mindset. In case of this particular problem, make sure that you don't
> chown() the file, but rather open() it, fstat() it, stat() it, then fchown()
> it. It can't get much safer than that.

Linux 2.1.15 has the ability to pass secure access right information
(userid etc) between processes over unix sockets. IMHO You can now build
a client/server based unix setup for all the priviledged operations without
a setuid binary on the system.

Next message: Harald Koenig: "Re: Proposal: restrict link(2)"
Previous message: Alan Cox: "Re: performance tweak for web/file servers"
In reply to: Stephen R. van den Berg: "Re: Proposal: restrict link(2)"
Next in thread: Illuminati Primus: "Re: Proposal: restrict link(2)"
Reply: Illuminati Primus: "Re: Proposal: restrict link(2)"