From: Joerg Schilling <schilling@fokus.fraunhofer.de>
To: schilling@fokus.fraunhofer.de, electronerd@monolith3d.com
Cc: linux-kernel@vger.kernel.org, der.eremit@email.de,
christer@weinigel.se, axboe@suse.de
Subject: Re: (was: Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices)
Date: Thu, 02 Sep 2004 17:40:46 +0200
Message-ID: <41373EFE.nailBAN11FRB9@burner>
In-Reply-To: <41372501.8050600@monolith3d.com>

John Myers <electronerd@monolith3d.com> wrote:
> | cdrecord neither does drop the privileges by accident nor by malice.
>
> I wasn't trying to insult cdrecord, or even suggest it might have the
> inkling of a possibility of this type of issue, and I am sorry if I made
> it sound that way. I was merely trying to illustrate a use of my
> proposal. I admit, I should have invented a name, like
> cd-burning-fire-toaster-program to illustrate the separation of my
> example from any actual existing implementation

It was not you, but other people did write that cdrecord is broken
although only the kernel did change in an incompatible way.

> | On a cleanly designed OS with fine grained permissions, a program like cdrecord
> | does not need to worry about the permissions as it gets exactly the needed
> | permissions granted by the execution environment.
> |
> | Jörg
> |
>
> Which is exactly what I proposed...
>
>
> So... could anyone comment on my proposal, rather than just flame my
> examples?

I did not flame your examples, but if you thought of the same things, you may
not have been obvious enough with your explanation.

On Solaris, this is done by /usr/bin/pfexec (the only suid root binary) that
calls /usr/bin/ppriv -e which executes a process with the privileges that are
in the privileges database.

Jörg
--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni) If you don't have iso-8859-1
schilling@fokus.fraunhofer.de (work) chars I am J"org Schilling
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily