From: cg@cdegroot.com (Cees de Groot)
Date: 4 Dec 2002 09:19:38 +0100
Subject: Re: [e-lang] capability myths demolished!

David Wagner <daw@cs.berkeley.edu> said:
>For instance, standard Unix systems have only limited support for this
>principle.  A process can be running as root, or as a non-root user.
>Root processes can relinquish some privileges by calling setuid() to
>become a non-root user.  However, this has a lot of limitations.  It is
>very coarse-grained.  It is not available to ordinary (non-root) programs.
>And so on.
>
Linux has done a tiny step in the correct direction with kernel capabilities.
For example, I have an appserver that's suid root, gives itself the
capability to bind to low-numbered ports, then suid's to an unprivileged user
id. Somewhere in the high-level language code, later on, the socket is created
and bound to port 80.

However, this is not POLA. That'd be the capability to bind exactly to port
80. My appserver can bind to any low port and fool e.g. NFS servers and other
systems that think ports <1024 are something special.

-- 
Cees de Groot               http://www.cdegroot.com     <cg@cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD  1986 F303 937F E098 9E8B
Cogito ergo evigilo
_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang
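The two privilege-drop orderings the message contrasts, as an added C example that is not part of the e-mail and not the author's appserver code. `drop_root_keep_net_bind` is the coarse sequence described in the message (keep CAP_NET_BIND_SERVICE across the uid change, so any port below 1024 remains bindable); `bind_then_drop_everything` is the alternative that gets the port-80-only authority the message asks for: bind while still root, then give up the uid and every capability, so the bound descriptor is the only privilege the worker retains. It is Linux-only, uses raw capset(2) so libcap is not needed, and the uid/gid 65534 and port 80 are assumptions; running `main` needs root (or a suid-root binary), while the pure helpers run anywhere.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Default Linux: ports below 1024 need CAP_NET_BIND_SERVICE
   (tunable via net.ipv4.ip_unprivileged_port_start). */
#define PRIVILEGED_PORT_LIMIT 1024

int port_needs_privilege(int port) {
    return port >= 0 && port < PRIVILEGED_PORT_LIMIT;
}

/* Bit mask for capability `cap` inside 32-bit word `word` of capset(2) data. */
unsigned int cap_word_bit(int cap, int word) {
    return (cap / 32 == word) ? (1u << (cap % 32)) : 0u;
}

/* Set permitted and effective to exactly `keep` (a capability number, or -1
   for none) and inheritable to empty, via raw capset(2). 0 on success. */
int set_capabilities(int keep) {
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];
    memset(&hdr, 0, sizeof hdr);
    memset(data, 0, sizeof data);
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    hdr.pid = 0;                          /* the calling thread */
    for (int w = 0; w < 2 && keep >= 0; w++)
        data[w].permitted = data[w].effective = cap_word_bit(keep, w);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Change identity permanently: supplementary groups, then gid, then uid. */
static int switch_identity(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    /* If setuid(0) still succeeds, the drop did not take: refuse to go on. */
    if (setuid(0) == 0) { errno = EACCES; return -1; }
    return 0;
}

/* Coarse variant (what the message describes): CAP_NET_BIND_SERVICE survives
   the uid change, so the process may later bind ANY port below 1024. */
int drop_root_keep_net_bind(uid_t uid, gid_t gid) {
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -1;
    if (switch_identity(uid, gid) < 0) return -1;
    /* KEEPCAPS preserves the permitted set but clears effective; re-raise
       only the one capability and drop the rest from permitted too. */
    return set_capabilities(CAP_NET_BIND_SERVICE);
}

/* Fine-grained variant: bind while still root, then drop uid AND every
   capability. The listening descriptor is the only authority left, and it
   designates exactly one port. Returns the fd, or -1 with errno set. */
int bind_then_drop_everything(int port, uid_t uid, gid_t gid) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(fd, 16) < 0 ||
        switch_identity(uid, gid) < 0 ||
        set_capabilities(-1) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

int main(void) {
    /* Assumed unprivileged identity ("nobody" on many distros). */
    uid_t uid = 65534; gid_t gid = 65534;
    int fd = bind_then_drop_everything(80, uid, gid);
    if (fd < 0) { perror("bind_then_drop_everything"); return 1; }
    printf("listening on :80 as uid %u with no capabilities\n", (unsigned)getuid());
    /* A second low-port bind must now fail with EACCES: the retained fd is
       the whole of the process's port authority. */
    int probe = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a2 = { .sin_family = AF_INET, .sin_port = htons(81),
                              .sin_addr.s_addr = htonl(INADDR_ANY) };
    if (bind(probe, (struct sockaddr *)&a2, sizeof a2) < 0)
        printf("bind(:81) refused as expected: %s\n", strerror(errno));
    close(probe);
    close(fd);
    return 0;
}
```

The ordering inside `bind_then_drop_everything` is the point: bind and listen happen before `switch_identity`, and `set_capabilities(-1)` runs last so nothing survives the drop. With the coarse variant, the `bind(:81)` probe in `main` would succeed, which is exactly the NFS-style confusion the message warns about.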