>> But, the credentials are per-task in Linux, so it's possible to have
>> two tasks in a process running under different UIDs.
>
> Really useful isnt it
And not supported by GNU libc, neither officially nor by the current
implementation. :-(
I'd really like to have an explicit parameter for all these process
attributes (the credentials, chroot, maybe something else I'm missing
here; some kind of handle is probably required). chroot() on open()
wouldn't have to require privileges, so it could help web servers
quite a bit.
Some day, I'm going to implement something like this in userspace
(using a privileged daemon and file descriptor passing). But
performance will be horrible.
-- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/