Mailing List Archive



Re: [tlug] Unix's 40th Birthday



Curt Sampson writes:

 > Yes, and many of the programs I use have [privilege separation]
 > functionality built in, but a) you need to trust it, and b) you
 > need further configuration to figure out what user you're supposed
 > to become (which is of course, a further chance for error).

I'm afraid you can't win that one, unless you want a system that
doesn't rely on privileged users to restrict resource access.  Maybe
you want Plan 9?

Anyway, the ones I know of do require configuration (because the
wrapper needs to do the change to the unprivileged user), but they also
have a test built-in for the right user.  They get very unhappy if the
wrapper tries to change them to the wrong user.

 > > I don't know how it passed the
 > > resources or if sockets would be one of the resources handled.
 > 
 > You can leave file handles open across forks.

Yeah, I'm sorta aware of that (i.e., I know XEmacs goes to some trouble
to close fds of subprocesses when they don't need them), but I don't
know if the specific (heh) wrapper ISTR (chuckle) did that.


