[Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded UID issue
casey.schaufler at intel.com
Wed Oct 16 15:57:01 GMT 2013
> -----Original Message-----
> From: Jussi Laako [mailto:jussi.laako at linux.intel.com]
> Sent: Wednesday, October 16, 2013 2:24 AM
> To: Schaufler, Casey
> Cc: dev at lists.tizen.org; Le Foll, Dominique
> Subject: Re: [Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded
> UID issue
> On 15.10.2013 17:41, Schaufler, Casey wrote:
> >> But this doesn't require root, just a capability attribute for the
> >> launcher binary itself to permit this just for the launcher? And the
> >> launcher can be fired up as part of the session and will gain the
> >> capability from the filesystem attribute rather than through process
> > Yes, this is also a viable approach. It requires a launcher for each user. The
> launchers are going to have to communicate with each other to coordinate
> (or so I'm told) seat placement and the like, but it is possible. I understand
> that a single launcher is greatly preferred.
> Even with single launcher it could run as non-root with it's own UID and just
> have enough capabilities to do it's task?
Certainly. Locking down the invididual POSIX capabilities is more work, but it's just work.
More information about the Dev