> [1] http://www.trustedbsd.org/privileges.html
As I already mentioned, the way to go for FreeBSD will probably turn out to be capsicum. But that is of no concern right now. (Only with 9.0) Unices do not support thread-based UIDs or privileges. (IIRC Windows does, but again, that is of no concern right now). We should foremost concentrate our efforts on centralizing privilege handling. Whether we use for these efforts a library, such as libcap or the raw syscalls - as we have to on Solaris anyway - should be decided based on what turns out to be most beneficial to the architecture. One of the questions this opens is fitting the subject of this thread: How do we handle system which do not support POSIX capabilities? i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 571B 8B8A FC97 266D BDA3 EF6F 43AD 80A4 5779 3257