Revision 1 as of 2007-11-02 04:59:14
Size: 985
Comment: Add new kernel project: impersonation

Revision 2 as of 2017-12-30 01:29:53
Size: 985
Comment: converted to 1.6 markup

Impersonation functionality
Impersonation is a feature that allows temporary user switches at run time. UNIX has a similar feature, setuid (http://en.wikipedia.org/wiki/Setuid), but it requires a file system that supports the "chmod +s <file>" command, and every program that uses it must have the corresponding flag (+s) set.
Also, a setuid program can gain any privilege without even asking for a password. This is a security risk, and it would be good to have another mechanism for changing user privileges; impersonation is a good way to do it. Although we can emulate impersonation with the "su USER" command, that is not possible in some environments, such as web server CGI scripts.
There is a good description of implementing impersonation in FreeBSD: http://www.makefile.com/files/uimp.pdf It could be taken as the basis for adding an impersonation feature to the kernel.
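For comparison, the closest thing POSIX already offers to a temporary user switch, as an added example that is not part of the original page or of the FreeBSD paper: a program installed with the +s flag lowers its effective UID to the invoking user and later restores it. The names run_as_real_user, unpriv_fn and record_euid are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* declares seteuid() in strict modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical callback type: work to run while privileges are lowered. */
typedef int (*unpriv_fn)(void *arg);

/*
 * Run fn with the effective UID temporarily set to the real UID (the
 * invoking user), then restore the original effective UID.
 * Returns fn's result, or -1 if a switch failed or could not be verified.
 */
int run_as_real_user(unpriv_fn fn, void *arg)
{
    uid_t saved = geteuid();  /* file owner's UID when started via +s */
    uid_t real = getuid();    /* UID of the user who ran the program */
    int result;

    /* Temporary drop: the saved set-user-ID keeps 'saved' recoverable. */
    if (seteuid(real) != 0 || geteuid() != real)
        return -1;

    result = fn(arg);

    /* Restore, and verify it: a silent failure leaves the wrong identity. */
    if (seteuid(saved) != 0 || geteuid() != saved)
        return -1;
    return result;
}

/* Sample callback: records the effective UID it observed. */
int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    int rc = run_as_real_user(record_euid, &seen);
    printf("rc=%d inside=%ld after=%ld\n", rc, (long)seen, (long)geteuid());
    return rc == 0 ? 0 : 1;
}
```

Without the +s flag the real and effective UIDs are already equal, so both switches succeed without changing anything; the two identities this code can move between are fixed by the file's owner and the invoking user.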
Difficulty: 7
Contact: Alex (dot) Slesarev (at) gmail.com