In a recent note, Walt Farrell said: > Date: Fri, 10 Mar 2006 10:53:09 -0500 > > He is trying to establish a different security environment within his > server, in which all requests made by the system need to be processed as > a different user. He is not making a request on behalf of another user. > > In that situation, he needs to do the same kinds of things that the > system would do, including manipulating the TCB. > Would an alternative be to use Unix Services' setuid()? It seems to me that Unix Services provide an additional security benefit in that fork() allows the child process to run in a separate address space, a desirable form of isolation.
-- gil -- StorageTek INFORMATION made POWERFUL ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
