From owner-freebsd-hackers@FreeBSD.ORG Thu Jun 7 07:22:27 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A9A4A106566C for ; Thu, 7 Jun 2012 07:22:27 +0000 (UTC) (envelope-from edschouten@gmail.com) Received: from mail-we0-f182.google.com (mail-we0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 3BC6D8FC0C for ; Thu, 7 Jun 2012 07:22:27 +0000 (UTC) Received: by werg1 with SMTP id g1so198692wer.13 for ; Thu, 07 Jun 2012 00:22:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=Ln69nQwtLqGWXR0nuzp2E/5S0Ossn12/T3Kyf8t8Gq0=; b=tFd617dIglwUEN9+VE//mMc/J2CrOJx2C8sqMVlA5i5GiH1JK/vtJkDbsv5Azf3ahn e4ZGV2ywJ+3myKI5TSOkKqy91aMMfvE20BBSt21ZbxkCex4JQq7MXfD9GVhpmhnfT8Qr pWhWFZ4VFzKPJQVdeGHu9YNPuXW3rPmyHhO1T90ZPS+ypnLDuSkWauD22ftKye3dWQO6 Lmg0rqh8zzX7qVmpx0o/OhEJYDOmY5CEv4DVF9RrnEl2HzQ+vhd8g0i1NuSDfCHjPRCx QCr4nNUecarYv546PJoIipSp3mBz3Sfn8aclAyJwx5TtMlPQzwx/FflPDnOOmfma+k1l Wucw== MIME-Version: 1.0 Received: by 10.216.194.95 with SMTP id l73mr114560wen.206.1339053746140; Thu, 07 Jun 2012 00:22:26 -0700 (PDT) Sender: edschouten@gmail.com Received: by 10.223.151.7 with HTTP; Thu, 7 Jun 2012 00:22:25 -0700 (PDT) In-Reply-To: <20120605213101.GA13339@stack.nl> References: <4FCC126C.1020600@shatow.net> <20120605213101.GA13339@stack.nl> Date: Thu, 7 Jun 2012 09:22:25 +0200 X-Google-Sender-Auth: blhExYt026mp1TmiU3NHQgrcYQg Message-ID: From: Ed Schouten To: Jilles Tjoelker Content-Type: text/plain; charset=UTF-8 Cc: freebsd-hackers@freebsd.org, Bryan Drewery Subject: Re: [RFC] last(1) with security.bsd.see_other_uids support X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jun 2012 07:22:27 -0000 2012/6/5 Jilles Tjoelker : > To avoid this, the utmpx APIs could communicate with a privileged daemon > if the files are not readable. The daemon can check the identity of the > caller via getpeereid(3). +1. I would really like to have something like this. Another advantage of this approach would be that it's a lot easier to change the file format then. There's only one application that interacts with these files. -- Ed Schouten