Subject: Re: open_as vs fuid
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: Todd Vierling <tv@wasabisystems.com>
List: tech-kern
Date: 11/05/2000 19:47:04

On Sun, 5 Nov 2000, Michael Richardson wrote:
: Brett> before this thread moved here there was a proposal made to add
: Brett> another syscall to the kernel that performed the same functions as
: Brett> open but allowed the caller to pass a uid/gid pair as additional
: Brett> parameters. The idea being that setuid programs could safely
:
: I like this.
: Exactly.
: And "fuid" as I'll call it, can be implemented in either user space or
: kernel space (think Linux emulation) in terms of open_as(), but not the
: converse.
: fuid may be more secure in the face of buffer overflow attacks, etc.

Has ANYONE in this thread considered that we already have a possibly more
secure mechanism for this, that could be combined simultaneously with
authentication for use by a non-suid program?
See unix(4) and its description of passing fd's via a "cmsghdr".
--
-- Todd Vierling <tv@wasabisystems.com> * http://www.wasabisystems.com/
-- Speed, stability, security, and support. Wasabi NetBSD: Run with it.
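
The mechanism the message above points to, passing an open descriptor over a unix(4) socket in a cmsghdr of type SCM_RIGHTS, as an added example that is not part of the original post or of NetBSD's code. The names send_fd, recv_fd, setup and union ctl are illustrative assumptions.

```c
/* Added example: hand an already-open descriptor to another process over a
 * unix(4) socket using an SCM_RIGHTS control message (cmsghdr). */
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Control buffer sized for one descriptor, aligned like a cmsghdr. */
union ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

static void setup(struct msghdr *m, struct iovec *iov, char *byte, union ctl *c)
{
    memset(m, 0, sizeof *m);
    memset(c, 0, sizeof *c);
    iov->iov_base = byte;   /* one data byte carries the control message */
    iov->iov_len = 1;
    m->msg_iov = iov;
    m->msg_iovlen = 1;
    m->msg_control = c->buf;
    m->msg_controllen = sizeof c->buf;
}

/* Helper side: send fd across sock. Returns 0 on success, -1 on error. */
int send_fd(int sock, int fd)
{
    struct msghdr m; struct iovec iov; union ctl c; char byte = 'F';
    setup(&m, &iov, &byte, &c);
    struct cmsghdr *h = CMSG_FIRSTHDR(&m);
    h->cmsg_level = SOL_SOCKET;
    h->cmsg_type = SCM_RIGHTS;
    h->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(h), &fd, sizeof fd);
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}

/* Client side: returns the received fd, or -1. Exactly one descriptor is
 * accepted; anything else is closed so a peer cannot leak fds into us. */
int recv_fd(int sock)
{
    struct msghdr m; struct iovec iov; union ctl c; char byte;
    int fd = -1, got;
    setup(&m, &iov, &byte, &c);
    if (recvmsg(sock, &m, 0) <= 0) return -1;
    struct cmsghdr *h = CMSG_FIRSTHDR(&m);
    if (!h || h->cmsg_level != SOL_SOCKET || h->cmsg_type != SCM_RIGHTS) return -1;
    size_t n = (h->cmsg_len - CMSG_LEN(0)) / sizeof(int);
    for (size_t i = 0; i < n; i++) {
        memcpy(&got, CMSG_DATA(h) + i * sizeof(int), sizeof got);
        if (n == 1 && !(m.msg_flags & MSG_CTRUNC)) fd = got; else close(got);
    }
    return fd;
}
```

In the arrangement the message suggests, a privileged helper would authenticate the peer on the socket, open the file itself and call send_fd, while the non-setuid client calls recv_fd and only ever holds the descriptor it was given.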