[EMAIL PROTECTED] (Niels Möller) writes:
> I start my own auth-server, which runs as me, with all my privileges.
> Then I start the untrusted script in such a way that it has no
> privileges at all with the standard authserver (i.e. like the system's
> "no-uid" user). However, it could talk to my auth-server, which could
> proxy some requests to the real auth server, and in that way delegate
> some of my privileges.
The untrusted script could also talk to /servers/password and get
rights in the real auth server -- if it can guess a password.
> In order to let the "sub-user" access files, I could either let it act
> as the "no-uid" user, and grant permissions to that. Or I could start
> my own filesystem server, and let it talk to my own auth-server.
If the filesystem talked only with your own auth server, would
you be able to view its contents with a process which uses the
original auth server?
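The exchange discussed above can be made concrete with a small model of the auth rendezvous. The code below is an added illustration, not code from the Hurd or from either poster: it mimics the user half (auth_user_authenticate) and server half (auth_server_authenticate) of the Hurd handshake, where both parties name the same rendezvous port and only the auth server that sees both halves can tell the server which ids the client holds. A "proxy" auth server forwards the user half for selected handles to the real auth server using a reduced handle it holds there, which is the delegation scheme in the quoted message. Class and function names (AuthServer, ProxyAuthServer, Ids, NOBODY, connect, build_world), the sample uids/gids, and the choice to report a failed match as "no ids" instead of blocking are all assumptions of the model.

```python
"""Toy model of the private-auth-server delegation scheme (added example,
not Hurd code).  Handles stand in for auth ports; rendezvous tokens stand
in for rendezvous ports."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Ids:
    uids: frozenset
    gids: frozenset


# What a server is left with when no auth server it trusts vouches for the client.
NOBODY = Ids(frozenset(), frozenset())


class AuthServer:
    """One auth server: only the server that issued a handle knows its ids."""

    def __init__(self, name):
        self.name = name
        self._handles = {}   # handle -> Ids
        self._pending = {}   # rendezvous -> Ids (user half waiting for the server half)

    def makeauth(self, ids):
        """Issue a handle carrying `ids` (auth_makeauth, without the subset check)."""
        handle = f"{self.name}:{secrets.token_hex(8)}"
        self._handles[handle] = ids
        return handle

    def user_authenticate(self, handle, rendezvous):
        """Client half: 'whoever shows you `rendezvous` holds these ids'."""
        self._pending[rendezvous] = self._handles[handle]  # KeyError if handle is foreign

    def server_authenticate(self, rendezvous):
        """Server half: the client's ids if this server saw the user half, else None.
        (The Hurd call would block; the model just reports the mismatch.)"""
        return self._pending.pop(rendezvous, None)


class ProxyAuthServer(AuthServer):
    """My own auth server: issues its own handles and, for handles marked as
    delegated, repeats the user half at the real auth server with a reduced
    handle it holds there, so the sub-user inherits exactly that slice."""

    def __init__(self, name, real, real_handle):
        super().__init__(name)
        self._real = real
        self._real_handle = real_handle
        self._delegated = set()

    def delegate(self, handle):
        self._delegated.add(handle)

    def user_authenticate(self, handle, rendezvous):
        super().user_authenticate(handle, rendezvous)
        if handle in self._delegated:
            self._real.user_authenticate(self._real_handle, rendezvous)


def connect(client_auth, client_handle, server_auth):
    """One client/server authentication; returns the ids the server ends up with."""
    rendezvous = secrets.token_hex(8)        # fresh per connection, like a rendezvous port
    client_auth.user_authenticate(client_handle, rendezvous)
    ids = server_auth.server_authenticate(rendezvous)
    return NOBODY if ids is None else ids


def build_world():
    real = AuthServer("real")                # the system auth server
    owner = real.makeauth(Ids(frozenset({1000}), frozenset({1000, 100})))
    # Reduced handle on the real server: group 100 only (the slice to delegate).
    reduced = real.makeauth(Ids(frozenset(), frozenset({100})))
    mine = ProxyAuthServer("mine", real, reduced)
    # The untrusted script gets ids that only my own servers understand.
    script = mine.makeauth(Ids(frozenset({5000}), frozenset({5000})))
    return real, owner, mine, script


def script_to_system_fs(delegate):
    """Script talks to a filesystem that uses the system auth server."""
    real, _, mine, script = build_world()
    if delegate:
        mine.delegate(script)
    return connect(mine, script, real)


def owner_to_private_fs():
    """A process on the system auth server talks to a filesystem that only
    trusts my auth server (the question at the end of the message)."""
    real, owner, mine, _ = build_world()
    return connect(real, owner, mine)


def script_to_private_fs():
    """Script talks to my own filesystem, which trusts my auth server."""
    _, _, mine, script = build_world()
    return connect(mine, script, mine)
```

Running the three scenarios shows the trade-off in the thread: without delegation the script is nobody at a system filesystem, with delegation it carries only the reduced ids the proxy holds, and a process authenticated by the system auth server is nobody at a filesystem that trusts only the private one, because that server never saw the user half of the handshake.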