Mail Archives: cygwin-developers/2001/05/31/09:12:36
On Thu, May 31, 2001 at 04:43:56PM +0400, egor duda wrote:
> CV> The reason is that I found another good example how such a server
> CV> could be used: s-uid and s-gid applications and files.
>
> looks reasonable. not that i particularly miss suid bits, but i'd
> probably use it extensively if/when it'll be implemented.
Just for the record, I have an example: crontab -e.
crontab is a suid root process which is owned by root to be able to
read the /var/cron/tabs dir, then switches to the calling user to
call the editor and then switches back to root to write the user's
crontab file but owned by root and with 0600 permissions. That's
tricky and we have currently no way to provide a similar mechanism.
> I'd try to range them from the different points of view:
> (first is better, last is worse)
>
> Security:
> 1. Named pipes.
> 2. Shared memory (?).
> 3. Sockets.
> 4. Smoke signals.
>
> Performance (including both latency and throughput):
> (*** this is pure speculation, some testing required ***)
> 1. Named pipes. Shared memory. (not sure which is better)
> 2. Sockets.
> 3. Smoke signals.
Damn! I think that's the off for smoke signals...
> Cross-platform support:
> 1. Smoke signals. :)
Seriously, even the human brain is a supported platform!
> 2. Shared memory.
> 3. Sockets. (don't forget, user may want to use cygwin on machine with
> no networking installed)
Personally I don't know one person who doesn't have at
least TCP/IP installed for using the internet. But you're right.
> 4. Named pipes (nt/2000 only)
Yeah, I like to forget 9x/ME.
> a communication between client and server is restricted to local host
> only, so, i suppose, we can take "mixed" approach -- use named pipes
> on nt/2000 and shared memory on w9x.
As I wrote in my previous mail, it's essential to be sure about
the process which calls the server. Faking of pid, uid and gid
must not be possible!
Corinna
--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
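
The crontab -e sequence described in the message above (work as root, switch to the calling user for the editor, switch back to write a 0600 file), sketched here for a POSIX system as an added example; it is not code from the post, from Cygwin or from cron. The names run_as_caller, caller_step and write_private are hypothetical, and switching back relies on the saved set-user-ID that a suid program keeps.

```c
/* Added illustration; not Cygwin or cron source. All names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Run fn() with the effective ids of the calling (real) user, then switch
 * back to the privileged ids. Returns fn's result, or -1 if a switch fails. */
int run_as_caller(int (*fn)(void))
{
    uid_t priv_uid = geteuid();
    gid_t priv_gid = getegid();
    /* Drop the group first: after euid is unprivileged, setegid can be refused. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;
    if (geteuid() != getuid() || getegid() != getgid())
        return -1;                       /* never continue half-dropped */
    int rc = fn();                       /* e.g. start the user's editor here */
    /* Regain in the opposite order: uid first, so that setegid is permitted. */
    if (seteuid(priv_uid) != 0 || setegid(priv_gid) != 0)
        return -1;
    return rc;
}

/* Stand-in for the editor step: succeeds only if it runs as the caller. */
int caller_step(void) { return geteuid() == getuid() ? 0 : -1; }

/* Create the file with mode 0600 under the current effective ids, refusing
 * an existing file or symlink that someone planted at the path. */
int write_private(const char *path, const char *data)
{
    size_t len = strlen(data);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) != 0 || write(fd, data, len) != (ssize_t)len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

int main(void) { return run_as_caller(caller_step) == 0 ? 0 : 1; }
```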