On Nov 9, 2007 4:57 PM, Jonathan Chayce Dickinson <[EMAIL PROTECTED]> wrote: [..] > [Jonathan Dickinson] > Indeed it is. But think of the most basic server: FTP, you simply can't do > it without impersonation. I think another way around it is as follows: > > FTP > Creates (FSProc) with user supplied credentials (a process cannot > change its own user context) > > Denies All (Explicit declination, that right cannot be granted unless > by the FTP Proc) > > Allows FS Access (Explicit approval, because we are the FTP Proc) > > Initializes FSProc > > FSProc > Go and does stuff on the FS.
...or we could just give the ftp server (on an application level) the right to write in a specific directory and not let it impersonate anyone.. this way it could never do anything unexpected.. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ SharpOS-Developers mailing list SharpOS-Developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sharpos-developers
