> >>>> * Lack of generalized message passing
> >>>
> >>> (RT-signals in Linux, a feature of Linux 2.2)
> >>
> >> Could user acahalan send 42 bytes to user mmuscovi?
> >
> > sure, 'mail mmuscovi < ./42bytefile'. What are you trying to
> > achieve and why?
>
> The original poster said "generalized message passing" and you
> responded with something that can pass 4 or 8 bytes between
> processes with the same UID. That isn't very general.
and my question is/was 'what do you need it for, exactly (ie. what
application)'.
> >>> (i guess you missed include/linux/capability.h, a feature of 2.2.
> >>> Not completely finished, but the main mechanizm is in there.)
> >>
> >> I believe he means "true" capability support. In any case,
> >> Linux can't revoke normal user capabilities.
> >
> > what do you mean by 'true'.
>
> True capability systems are token-based. They work very much like
> file descriptor security. Access can be passed from process to
> process, but is not automatically shared by all processes with the
> same UID. [...]
this is what Linux capabilities do too, if you care to take a look at the
code.
> We've often seen requests to deny users the ability to run a network
> server, and sometimes seen requests to deny users the ability to run a
> network client. [...]
this is perfectly possible with Linux capabilities, it just hasnt been
extended to above-port-1024 yet.
> [...] I know I'd want to block SysV shared memory use if I
> were running a server with crummy users.
ulimit ...
> > take a look at async networking IO, fcntl(SETSIG), etc, implemented by
> > Stephen Tweedie recently. (it's in 2.2)
>
> Excellent - but only for network IO?
you are free to implement the rest.
-- mingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/