From: John Ogness
Subject: [Dazuko-devel] Re: [PATCH] Set trusted pid feature to Dazuko
Date: Mon, 04 Oct 2004 22:21:42 +0200
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.1) Gecko/20040808

Tikka, Sami wrote:
> The problem is that Dazuko will intercept the open syscall from the scanner daemon. To prevent that, I have added a new feature to Dazuko: the possibility to allow a process-id (and its children) without asking permission from a registered daemon.

Hi,

I had a chance to go through your "trusted pid" patch. There are two main concerns that I have:
1. I don't like the idea of using "Pid" in the Dazuko Interface. In some systems a number may not effectively be able to describe another process. I prefer to use something more abstract, which can be specialized for the various platforms. (Something similar to dazuko_id except in userspace.) However this would not be difficult to implement.
2. My main concern is the implication of a registered process telling Dazuko to trust (actually ignore) the actions of some other non-registered process. What if that process ends or dies? Another process (if based only on pid) could take its place and be free to work unnoticed. Can Dazuko (and the other registered processes) really trust a registered process enough to know that it will keep tabs on the "trusted process"?
I need to think about this. Right now your daemon could implement this itself in userspace by immediately allowing access for "trusted" processes. I am not sure I am ready to move this feature into kernelspace.
But I will keep thinking about it...

John Ogness

--
Dazuko Maintainer
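
The pid-reuse concern in point 2, as an added example that is not part of the original message and is not Dazuko code: a userspace daemon can bind its "trusted" entry to the pair (pid, start time) instead of the pid alone, so that a new process recycling the number is not trusted. It assumes Linux, where field 22 of `/proc/<pid>/stat` is the start time; `struct proc_id`, `parse_stat` and `still_trusted` are hypothetical names, and the two stat lines are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical identity for a "trusted" process: pid plus kernel start time.
 * Assumption: Linux /proc/<pid>/stat layout, where field 22 is starttime. */
struct proc_id {
    long pid;
    unsigned long long starttime;
};

/* Constructed sample: the scanner process as first recorded. Its comm field
 * deliberately contains ") " to exercise the parsing edge case. */
static const char SAMPLE_SCANNER[] =
    "4242 (scan) daemon) S 1 4242 4242 0 -1 4194560 120 0 0 0 5 3 0 0 20 0 1 0 88123 1000000 200";
/* Constructed sample: a later, unrelated process that got the same pid. */
static const char SAMPLE_REUSED[] =
    "4242 (sh) S 1 4242 4242 0 -1 4194560 10 0 0 0 0 0 0 0 20 0 1 0 97555 500000 100";

/* Parse one stat line. comm (field 2) is wrapped in parentheses and may
 * contain spaces or ')', so fields are counted from the LAST ')'.
 * Returns 0 on success, -1 on malformed input. */
int parse_stat(const char *line, struct proc_id *out)
{
    const char *p = strrchr(line, ')');
    int field = 2;                      /* p sits at the end of field 2 */

    if (!p || sscanf(line, "%ld", &out->pid) != 1)
        return -1;
    for (p++; *p; p++)                  /* each space starts the next field */
        if (*p == ' ' && ++field == 22)
            return sscanf(p + 1, "%llu", &out->starttime) == 1 ? 0 : -1;
    return -1;
}

/* Trust holds only if the process now at that pid is the same instance. */
int still_trusted(const struct proc_id *trusted, const char *current_stat)
{
    struct proc_id now;
    if (parse_stat(current_stat, &now) != 0)
        return 0;                       /* unreadable or gone: fail closed */
    return now.pid == trusted->pid && now.starttime == trusted->starttime;
}

int main(void)
{
    struct proc_id scanner;
    if (parse_stat(SAMPLE_SCANNER, &scanner) != 0)
        return 1;
    printf("same instance: %d\n", still_trusted(&scanner, SAMPLE_SCANNER));
    printf("recycled pid:  %d\n", still_trusted(&scanner, SAMPLE_REUSED));
    return 0;
}
```

The check is only as fresh as the last read of the stat line, so a daemon would repeat it for each access decision rather than caching the answer.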