>>>>> "Todd" == Todd Vierling <tv@wasabisystems.com> writes:
    Todd> : 
    Todd> :   I like this.

    Todd> :   Exactly.
    Todd> :   And "fuid" as I'll call it, can be implemented in either user space or
    Todd> : kernel space (think Linux emulation) in terms of open_as(), but not the
    Todd> : converse.
    Todd> :   fuid may be more secure in the face of buffer overflow attacks, etc.

    Todd> Has ANYONE in this thread considered that we already have a possibly more
    Todd> secure mechanism for this, that could be combined simultaneously with
    Todd> authentication for use by a non-suid program?

    Todd> See unix(4) and its description of passing fd's via a "cmsghdr".

  Yes, this is a good direction to explore.
  BTW, you can use socketpair() as well, I think.

  Are you are suggesting that the program wouldn't have need to be setuid in
the first place had it used some server?
  Or that one should do:
     if(fork()==0) {
		   setuid(getuid());
		   /* read file name from socket */	
		   open(filename);
		   /* send file descriptor to parent */
     }
		   		   
] Train travel features AC outlets with no take-off restrictions|  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [