uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)

[Markus Friedl]

On Wed, Sep 04, 2002 at 11:43:43AM -0400, Toni L. Harbaugh-Blackford wrote:
> What do we loose by not having post-auth privsep?

a lot.

> 
> What code is executed between authorization and actual setting of the
> effective uid?

all the protocol parsing is still run with uid==0, only the forked
login shell has the uid of the authenticated used.