Replace uid==0 tests with capability checks

Scott Neugroschl scott_n at xypro.com
Thu Mar 19 10:42:51 EST 2009


> On 2009-03-18 10:08, Corinna Vinschen wrote:
> : Is there any chance this [the below] can be discussed at one point?
> 
> I'm all for it.

At the risk of sounding AOL-ish, me too.
I'm working on a non-standard unix-like system (HP/Tandem Nonstop) and
things are sometimes a bit odd/weird there w.r.t. permissions and uids.

> : On Mar 11 09:26, Corinna Vinschen wrote:
> : > What's still missing in OpenSSH is code which abstracts the idea
> : > of the root user to the idea of a user with certain privileges.
> : > [...] the hardcoded checks for uid == 0 don't
> : > make sense or rather, are too bulky in a couple of environments.
> 
>     [...]
> 
> : >    openssh should have checks along the lines of
> : >
> : >     if (uid_has_capability (getuid (), CAP_foo_bar))
> : >       do_foo_bar ();
> : >     else
> : >       EEEEK!
> 
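
A sketch of the uid_has_capability() check proposed in the quoted text, as an added example that is not code from this thread or from OpenSSH. The SSHCAP_* names, the backend pointer and the grant table (with its uids) are assumptions made for illustration; only the uid_has_capability name comes from the quoted proposal.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Hypothetical capability names; the thread only uses the placeholder CAP_foo_bar. */
enum ssh_cap { SSHCAP_SWITCH_USER = 1u << 0, SSHCAP_BIND_LOW_PORT = 1u << 1, SSHCAP_READ_HOST_KEY = 1u << 2 };

struct cap_grant { uid_t uid; unsigned caps; };   /* one uid and the capabilities it holds */

/* Backend for classic Unix: uid 0 holds every capability, nobody else holds any. */
static bool unix_has_cap(uid_t uid, unsigned cap) { (void)cap; return uid == 0; }

/* Constructed grant table for a platform where privilege is not tied to uid 0. */
static const struct cap_grant sample_grants[] = {
    { 18,  SSHCAP_SWITCH_USER | SSHCAP_READ_HOST_KEY },
    { 544, SSHCAP_SWITCH_USER | SSHCAP_BIND_LOW_PORT | SSHCAP_READ_HOST_KEY },
};

/* Table backend: a uid must hold every requested bit; unknown uids are denied. */
static bool table_has_cap(uid_t uid, unsigned cap) {
    for (size_t i = 0; i < sizeof sample_grants / sizeof sample_grants[0]; i++)
        if (sample_grants[i].uid == uid)
            return (sample_grants[i].caps & cap) == cap;
    return false;
}

/* Chosen once per platform; call sites never look at the uid value themselves. */
static bool (*cap_backend)(uid_t, unsigned) = unix_has_cap;
void use_table_backend(void) { cap_backend = table_has_cap; }

bool uid_has_capability(uid_t uid, unsigned cap) {
    return cap != 0 && cap_backend(uid, cap);   /* an empty request is never granted */
}

/* A call site in the shape proposed above: no uid == 0 test anywhere. */
int try_switch_user(uid_t caller) {
    if (uid_has_capability(caller, SSHCAP_SWITCH_USER))
        return 0;    /* would go on to the privileged operation */
    return -1;       /* refuse */
}

int main(void) {
    int before = try_switch_user(0);            /* Unix backend: uid 0 is allowed */
    use_table_backend();
    return (before == 0 && try_switch_user(0) == -1) ? 0 : 1;
}
```

With the table backend selected, uid 0 is refused and the constructed uid 18 is allowed, without any change to try_switch_user().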



More information about the openssh-unix-dev mailing list