I can see reasons both for and against this. A server shouldn't pass uids
around without some kind of authentication (or you'll have no security
anyway). If a "hacked" program can authenticate itself and then pass
the uid to some other program, then it could just have send the
authentication information to the other program and then let that
program fetch an uid from the server. On the other hand, just being
able to pass the authentication information around makes it easier to
understand the logfiles (if the uid passing daemon logs its activities).
/Sebastian
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html