Re: Thoughts on a token-based security system

Meelis Roos (mroos@tartu.cyber.ee)
Sun, 10 Jan 1999 23:37:41 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robert Thorncrantz: "Re: [Patch] IPv4 TCP security impovement"
Previous message: Bjorn Ekwall: "Re: Exporting symbols from Modules to kernel code"
Maybe in reply to: David Madore: "Thoughts on a token-based security system"
Next in thread: Bernd Eckenfels: "Re: Thoughts on a token-based security system"

DM> Basically, a security token is just a number, an identifier. It
DM> represents a specific permission or privilege. To each running
DM> process is associated a set of tokens which the process possesses.
DM> Some tokens allow the process to actually *do* something as far as the
DM> OS is concerned; say, split up the ``root'' privileges in a lot of
DM> sub-privileges for doing various things (so that a process won't have
DM> to be root unless it really needs to) - but that isn't the most
DM> important point. The other tokens (most tokens) don't have any
DM> special meaning as far as the OS is concerned. They are used for
DM> inter-process communication and authentication.

Do you mean the capability mechanism inside the kernel? CAP_NET_RAW etc.

-- Meelis Roos (mroos@tartu.cyber.ee)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert Thorncrantz: "Re: [Patch] IPv4 TCP security impovement"
Previous message: Bjorn Ekwall: "Re: Exporting symbols from Modules to kernel code"
Maybe in reply to: David Madore: "Thoughts on a token-based security system"
Next in thread: Bernd Eckenfels: "Re: Thoughts on a token-based security system"