On Mon, Feb 12, 2007 at 02:42:46PM -0500, Bill Nottingham wrote:
> > So could UID. All you need is a unique identifier for each session. UID can do
> > that. Whatever you use, it has to be auditable.
>
> UID isn't unique among sessions.

Our security boundary is the user not the session. It's a fundamental design upon which the OS is based.

The cookie is not unique amongst sessions either because I can pass it around freely within tasks with my uid just as I should be able to, and even if I couldn't I could ptrace patch a program with the cookie and my uid to do what I wanted.

You could build a security model around this, but then I start the following app in my desktop

    while(1)
        read command from named pipe
        execute command
        write status to named pipe

and we are back to the fact that security in Linux systems is tied to the user (or with SELinux arguably user/role, and then the user/role matters not a cookie)

Tell me why your security model gains from poking around unreliably in the environment of a task (which is also btw really slow and a path we optimise against not for) as opposed to operating on the uid.

Alan

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
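The point argued in the message above, as an added example that is not part of the original e-mail or of any Fedora code: on Linux, a cookie kept in a task's environment can be read from `/proc` by any task with the same uid and carried into an unrelated task, so it does not tell sessions apart. The variable name `SESSION_COOKIE` and the helper names are assumptions made for the illustration.

```python
import os
import subprocess
import sys

COOKIE_VAR = "SESSION_COOKIE"  # hypothetical name; the thread does not name one
IDLE = "import sys; print('ready', flush=True); sys.stdin.read()"


def read_environ(pid):
    """Parse /proc/<pid>/environ (the NUL-separated environment from exec time)."""
    with open(f"/proc/{pid}/environ", "rb") as fh:
        entries = fh.read().split(b"\0")
    pairs = (e.partition(b"=") for e in entries if b"=" in e)
    return {k.decode(errors="replace"): v.decode(errors="replace") for k, _, v in pairs}


def spawn(cookie):
    """Start an idle task carrying `cookie` and wait until it is running."""
    env = dict(os.environ, **{COOKIE_VAR: cookie})
    proc = subprocess.Popen([sys.executable, "-c", IDLE], env=env,
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    proc.stdout.readline()
    return proc


def demo():
    """Show that a cookie in the environment does not separate same-uid tasks."""
    session = spawn(os.urandom(8).hex())  # constructed sample cookie
    try:
        # Any task with the same uid may read the cookie out of /proc ...
        seen = read_environ(session.pid)[COOKIE_VAR]
        # ... and start an unrelated task that carries the same value.
        other = spawn(seen)
        try:
            return {
                "same_cookie": read_environ(other.pid)[COOKIE_VAR] == seen,
                "same_uid": os.stat(f"/proc/{session.pid}").st_uid
                == os.stat(f"/proc/{other.pid}").st_uid == os.getuid(),
                "distinct_tasks": session.pid != other.pid,
            }
        finally:
            other.communicate()
    finally:
        session.communicate()


if __name__ == "__main__":
    print(demo())
```

An audit record keyed on the cookie would attribute both tasks to one session, while the uid check gives the same answer for both without reading another task's environment.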