Date: Wed, 24 May 2000 19:11:22 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200005250211.TAA78261@apollo.backplane.com>
To: Nick Sayer
Cc: "Jeroen C. van Gelderen", freebsd-hackers@FreeBSD.ORG
Subject: Re: Needed: suid library calls (was Re: cvs commit: src/crypto/openssh sshd_config)

:"Jeroen C. van Gelderen" wrote:
:
:> [...]
:>
:> Since user authentication is needed by more than one program it
:> should live in its own process. Right now there is code
:> duplication and it is impossible to change the authentication
:> policy without messing with sshd.
:>
:
:What we _really_ need is some mechanism to recognize the difference
:between a user program and a system library, with an eye towards
:granting privileges to trusted libraries without letting those privileges
:leak past the library in question.

    Oh god, it's MULTICS! Run! Run! Run for the hills!

                                        -Matt