Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Oystein Viggen <firstname.lastname@example.org> writes:
> Combined with some kind of capabilities support, this could prove quite
> a versatile (and did I mention cool ;) security feature for the hurd,
Capabilites seem easy enough. This is how...
Let's look at the ftpd example. You create a server/translator which,
when asked, tries to create a socket, bind it to port 20, and return
it. It could even take a hostname or ip-address as argument and
connect before returning the socket, if that's desirable. Obviously
that server has to run with some extra privileges.
Now, you start the ftpd with something like
rmauth /real/ftpd </your/capabilities/server
The ftpd server gets started with no userids. However, it inherits an
open fd associated with a port that lets it bind port 20.
Any capability could be implemented in a similar way. The "algebra"
described in the "Ode to the granovetter diagram" paper would apply.
There may be some better way to create and inherit the port than to
bind it to the stdin fd.