Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!mit-eddie!snorkelwacker!paperboy!think!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.arch
Subject: Re: Patents and Architecture
Message-ID: <40193@think.Think.COM>
Date: 8 Jul 90 04:37:32 GMT
References: <62864@sgi.sgi.com> <=Y943A7@xds13.ferranti.com> <37297@ucbvax.BERKELEY.EDU> <63007@sgi.sgi.com> <SOA4-T5@ficc.ferranti.com> <PCG.90Jun30223813@odin.cs.aber.ac.uk>
Sender: news@Think.COM
Reply-To: barmar@nugodot.think.com (Barry Margolin)
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 22

In article <PCG.90Jun30223813@odin.cs.aber.ac.uk> pcg@cs.aber.ac.uk (Piercarlo Grandi) writes:
>Just a moment, here. The setuid bit an *invention*? Hey, this is
>ridiculous. It is just a scaled down version of Multics rings.

While setuid can be used to solve some of the same problems as rings, they
are very different mechanisms.  Rings are very limited, due to their
concentric nature, and only privileged users can create inner-ring
procedures.  Setuid is less limited, supporting an arbitrary number of
non-intersecting domains, and anyone may create programs that are setuid to
themselves.

Setuid isn't a perfect mechanism, and there are some ways in which rings
beat it.  For instance, setuid can usually only be invoked by spawning new
processes (except that the superuser can use the setuid() system call),
while rings can be crossed within a process.  And true domains have them
both beat.  But setuid is a simple, clever way to allow users to create
personal domains.  It certainly deserves to be called an invention.
--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar