Date: Wed, 24 May 2000 19:11:22 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Nick Sayer <nsayer@sftw.com> Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>, freebsd-hackers@FreeBSD.ORG Subject: Re: Needed: suid library calls (was Re: cvs commit: src/crypto/openssh sshd_config) Message-ID: <200005250211.TAA78261@apollo.backplane.com> References: <sheldonh@uunet.co.za> <20000524090528.ECF641CE1@overcee.netplex.com.au> <20000524022840.C79861@freebsd.org> <200005241446.KAA60257@khavrinen.lcs.mit.edu> <20000524075921.A53829@freebsd.org> <200005241709.NAA60822@khavrinen.lcs.mit.edu> <20000524105558.A3407@freebsd.org> <200005241853.OAA61188@khavrinen.lcs.mit.edu> <392C3E40.E0D8974D@vangelderen.org> <392C60F1.91EDC30D@sftw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:"Jeroen C. van Gelderen" wrote:
:
:> [...]
:>
:> Since user authentication is needed by more than one program it
:> should live in it's own process. Right now there is code
:> duplication and it is impossible to change the authentication
:> policy without messing with sshd.
:>
:
:What we _really_ need is some mechanism to recognize the difference
:between a user program and a system library, with an eye towards
:granting privileges to trusted libraries without letting those privileges
:leak past the library in question.
Oh god, its MULTICS! Run! Run! Run for the hills!
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005250211.TAA78261>