Impersonation functionality
Impersonation is a feature that allows for temporary user switches at run time. UNIX have a similar feature - sutuid (http://en.wikipedia.org/wiki/Setuid), but it requires certain file system, which support "chmod +s <file>" command and all programs which use it, must have accordant flag (+s).
Also, setuid-ed program can gain any privilege even without asking password. Of course, it is a security risk and it will be good to have another mechanism for changing user privileges - and impersonation is a good way to do it. Even we can emulate impersonation with "su USER" command, it is not possible for some environments - like webservers CGI scripts.
There is a good description about implementing impersonation in FreeBSD: http://www.makefile.com/files/uimp.pdf It could be taken for the basis for adding impersonation feature to the kernel.
Difficulty: 7
Contact: Alex (dot) Slesarev (at) gmail.com