Paul Fenwick wrote:

> Ton Hospel directed me to
> http://www.cs.berkeley.edu/~hchen/paper/usenix02.html (Setuid
> Demystified -- Hao Chen, David Wagner and Drew Dean). The paper is very
> detailed and well thought-out, and suggests an API to allow navigation
> of the set*id calls in a cross-platform fashion. In particular, it
> suggests the implementation of:
>
>   drop_priv_temp($uid)
>   drop_priv_perm($uid)
>   restore_priv()
>
> which have much simpler to understand semantics than the traditional
> POSIX calls. These cover the most commonly required privilege
> manipulations, and it *should* be possible to define these on all
> systems that have the three concepts of real/effective/saved UIDs.

FYI, Solaris 10 adds a new privilege model (Process Rights Management, AKA Least Privileges), based on that used in Secure Solaris, which allows you very fine-grained control of process privileges. Solaris 10 comes with two perl modules to allow you to manipulate the privileges.

For more on the S10 privileges model, see the following links:

http://docs.sun.com/db/doc/816-4557/6maosrjfj?a=view
http://docs.sun.com/db/doc/816-4557/6maosrjh7?a=view
http://docs.sun.com/db/doc/816-4557/6maosrjgl?a=view
http://docs.sun.com/db/doc/816-4863/6mb20lvf5?a=view

--
Alan Burlison
--
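The three calls named in the quoted text, sketched in C as an added example; this is not code from the paper, from this thread or from Perl. It assumes a platform that provides setresuid()/getresuid() (such as Linux), and the function bodies are this example's own reading of the temporary/permanent/restore semantics in terms of real, effective and saved UIDs.

```c
#define _GNU_SOURCE   /* setresuid()/getresuid() are extensions, not POSIX */
#include <sys/types.h>
#include <unistd.h>

/* Prototypes repeated so the file still builds if <unistd.h> was first
 * included without _GNU_SOURCE in effect. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Temporary drop: the effective UID becomes new_uid and the previous
 * effective UID is parked in the saved UID so it can be restored later.
 * The real UID is left alone ((uid_t)-1 means "no change"). */
int drop_priv_temp(uid_t new_uid)
{
    if (setresuid((uid_t)-1, new_uid, geteuid()) != 0)
        return -1;
    return geteuid() == new_uid ? 0 : -1;
}

/* Permanent drop: overwrite real, effective and saved UID, then read all
 * three back. A privileged ID left in any slot means the drop did not
 * take, so the caller must treat -1 as fatal. */
int drop_priv_perm(uid_t new_uid)
{
    uid_t r, e, s;

    if (setresuid(new_uid, new_uid, new_uid) != 0)
        return -1;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (r == new_uid && e == new_uid && s == new_uid) ? 0 : -1;
}

/* Restore: copy the saved UID back into the effective UID. After a
 * permanent drop the saved UID is the unprivileged one, so this cannot
 * regain anything. */
int restore_priv(void)
{
    uid_t r, e, s;

    if (getresuid(&r, &e, &s) != 0)
        return -1;
    if (setresuid((uid_t)-1, s, (uid_t)-1) != 0)
        return -1;
    return geteuid() == s ? 0 : -1;
}
```

A complete privilege drop also has to shed supplementary groups and group IDs (setgroups(), setresgid()) before the UID is changed, since those calls need the privilege that the UID drop gives up.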