Subject: open_as vs fuid
To: None <tech-kern@netbsd.org, tech-security@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-kern
Date: 11/05/2000 10:53:42
>>>>> "Brett" == Brett Lymn <blymn@baesystems.com.au> writes:
    Brett> For the folks at home that are trying to follow what this is about
    Brett> here is some context:

  Thanks for the summary. Useful even for people that have been following.

    Brett> before this thread moved here there was a proposal made to add
    Brett> another syscall to the kernel that performed the same functions as
    Brett> open but allowed the caller to pass a uid/gid pair as additional
    Brett> parameters.  The idea being that setuid programs could safely

  I like this.

    >> I really, really don't like the idea of implementing zillions of
    >> special-purpose "uid"s.
    >> 

    Brett> Not zillions.  If I understand it correctly you can just say "this
    Brett> is the uid we will open files as", if this is the case then this
    Brett> may be a bit limiting as you may want to open some files as root.

  Exactly.
  And "fuid", as I'll call it, can be implemented in either user space or
kernel space (think Linux emulation) in terms of open_as(), but not the
converse.
  fuid may be more secure in the face of buffer overflow attacks, etc.

] Train travel features AC outlets with no take-off restrictions|  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [