From owner-freebsd-hackers Mon Aug 23 15:47:43 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from picnic.mat.net (picnic.mat.net [206.246.122.133]) by hub.freebsd.org (Postfix) with ESMTP id 10D3C14CD3 for ; Mon, 23 Aug 1999 15:47:36 -0700 (PDT) (envelope-from chuckr@picnic.mat.net) Received: from localhost (chuckr@localhost) by picnic.mat.net (8.9.3/8.9.3) with ESMTP id SAA89557; Mon, 23 Aug 1999 18:42:50 -0400 (EDT) (envelope-from chuckr@picnic.mat.net) Date: Mon, 23 Aug 1999 18:42:50 -0400 (EDT) From: Chuck Robey To: Garance A Drosihn Cc: Ville-Pertti Keinonen , Greg Lehey , hackers@FreeBSD.ORG Subject: Re: Mandatory locking? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 23 Aug 1999, Garance A Drosihn wrote: > At 11:29 AM -0400 8/23/99, Chuck Robey wrote: > >I think mandatory locking should exist, but only be available to root. > >If a program needs this, it must run with root privs, so that ordinary > >users cannot wedge the machine, but (as usual) root can shoot himself > >in the foot (traditional Unix methodology). > > I don't think we want to force people into running their program as > root just to get mandatory locking. Perhaps there would be a program > with root-privs which would have to be run to register files which > will have mandatory locking, but the program which manipulates those > files shouldn't have to run as root. There are other ways to access the rights, such as sockets, pipes, etc. You write a server which runs as root and can lock, and the clients, running with clients privs, make service requests. If you restrict locking to root, then even if someone manages to wedge his machine, he's not doing anything that an idiot with root and the rm command can't do much worse. I think Garrett's fears are of folks unwittingly wedging machines too easily, so real mandatory locking ought to be restricted to programs that root can set up. > > > --- > Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu > Senior Systems Programmer or drosih@rpi.edu > Rensselaer Polytechnic Institute > ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@picnic.mat.net | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run picnic and jaunt, both FreeBSD-current. (301) 220-2114 | ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message