On 3/10/2006 11:04 AM, [EMAIL PROTECTED] wrote:
> In a recent note, Walt Farrell said:
>
> > Date: Fri, 10 Mar 2006 10:53:09 -0500
> >
> > He is trying to establish a different security environment within his
> > server, in which all requests made by the system need to be processed as
> > a different user. He is not making a request on behalf of another user.
> > In that situation, he needs to do the same kinds of things that the
> > system would do, including manipulating the TCB.
>
> Would an alternative be to use Unix Services' setuid()? It
> seems to me that Unix Services provide an additional security
> benefit in that fork() allows the child process to run in a
> separate address space, a desirable form of isolation.

That sounds like a good suggestion, gil. Isolation via fork() can be
very helpful in resolving a number of problems that can otherwise occur
in a multi-user address space.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
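The fork()-then-setuid() pattern discussed in this thread, as an added example that is not code from either poster: a generic POSIX C sketch in which the child switches identity in its own address space and the parent only sees an exit code. The names run_as, handle_request and shared_state are hypothetical, and any platform-specific authorization needed before setuid() is allowed to succeed is assumed to be in place.

```c
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

int shared_state = 0;   /* parent-side data the child must not be able to alter */

/* Hypothetical request handler; it only ever runs inside the child. */
static int handle_request(void) {
    shared_state = 99;  /* modifies the child's private copy only */
    return 7;           /* constructed result code */
}

/* Run work() in a forked child under uid/gid.
 * Returns the child's exit code (0-127), or -1 on any failure. */
int run_as(uid_t uid, gid_t gid, int (*work)(void)) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Order matters: groups and gid first, uid last, because after
         * setuid() the process may no longer be permitted to change groups. */
        if (geteuid() == 0 && setgroups(1, &gid) != 0) _exit(255);
        if (setgid(gid) != 0) _exit(255);
        if (setuid(uid) != 0) _exit(255);
        /* Never continue on a partial switch: verify before doing work. */
        if (getuid() != uid || geteuid() != uid || getegid() != gid)
            _exit(255);
        _exit(work() & 0x7f);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 255)
        return -1;      /* child was killed or the identity switch failed */
    return WEXITSTATUS(status);
}

int main(void) {
    /* Uses the caller's own ids so the sketch runs unprivileged;
     * a real server would pass the target user's uid and gid. */
    int rc = run_as(getuid(), getgid(), handle_request);
    return (rc == 7 && shared_state == 0) ? 0 : 1;
}
```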