Re: Part 2: System Structure

[Bas Wijnen]

On Sat, May 13, 2006 at 06:57:04AM +0200, Pierre THIERRY wrote:
> Scribit Marcus Brinkmann dies 12/05/2006 hora 17:45:
> > System Services
> > 
> > Unix-style suid applications have been proposed as one application for
> > alternative process construction mechanisms. [...]
> >
> > In fact, no gain can derived from letting the user instantiate system
> > services. In Unix, system services run on durable resources, which the
> > user can not revoke.
> 
> You make here the assumption that suid is only used for system services,
> but I have many suid games in my system, exactly for the purpose I
> described: letting these programs access the hall of fame without
> letting me accessing it otherwise.
> 
> Can you propose a way to achieve this?

In both cases, there must be a trusted third (or actually second) party, which
is trusted to hold the sensitive data (such as in this case the hall of fame).
This party is the one providing the service.  For unix setuid, this is
typically "the system".  However, in the Hurd any normal user can of course
take that role.  And even if it is the system (because it is a
system-installed game), that doesn't mean security holes are opened, because
this service of course doesn't run with capabilities to anything it doesn't
need.

I do see one problem with this approach though.  If the game is a service
provided by some server, then the user doesn't pay for the resources which are
used by the game.  With many services this is fine, but with games it is at
least conceptually wrong.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

signature.asc
Description: Digital signature