Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!mit-eddie!apollo!brian
From: brian@apollo.COM (Brian Holt)
Newsgroups: comp.sys.apollo
Subject: Re: process protection
Message-ID: <408d2dd5.18e92@apollo.COM>
Date: 29 Dec 88 21:14:00 GMT
References: <8812280128.AA03401@umix.cc.umich.edu>
Reply-To: brian@apollo.COM (Brian Holt)
Organization: Apollo Computer, Chelmsford, MA
Lines: 45

In article <8812280128.AA03401@umix.cc.umich.edu> GBOPOLY1@NUSVM.BITNET (fclim) writes:
>does this mean that any server processes set up by the sys admin in the
>`node_data/startup.19l may be zapped by any random user? if the answer is yes,
>i'd like to renew my flame that the display manager is much too powerful.
>in fact, i believe that the dm should just be that, a display manager;
>-- a window manager. it shouldn't have the capability to create new processes,
>or to shut down a node.

Agreed. The DM tries to do too many things. In the future, we will support
the X model, where each piece is a separate client talking to a single window
system server. This is taking a while to do, since we want to continue
supporting DM users and programs and can't just use X straight off the tape.
See below for protecting daemons.

>does this mean that crp is a set-uid-on program? whoever logs on and crp
>to a different node has his effective uid to user.server?? and user.server
>is as powerful as root such that any process may be zapped???
>gee, one god is enough; why must apollo create more deities like user.%.
>

If you crp onto a node, your effective uid on that node is the same as the
node you are crp'ing from. 'user.server' is not as powerful as root. It is as
powerful as anything else in that it can kill processes owned by user.server.
It has been around for many years on Apollos, and can best be seen as a
hangover (:-) from the old Aegis days. All of the new stuff uses traditional
Unix methods.

If you want to protect system processes from being killed by random users,
start up the daemons in /etc/rc and have the programs run setuid or setgid to
some other user/group (such as setuid daemon). This part is the way we are
all used to doing things on Unix systems.

=brian

P.S. I apologize if this offends any Aegis users, but when there is a choice
between something a little better but different, and a standard, the standard
is always better. And yes, I am a card-carrying Usenix member.

--
Internet: brian@apollo.COM    UUCP: {decvax,mit-erl,yale}!apollo!brian
NETel:    Apollo: 508-256-6600 x5694    Home: 617-332-3073
USPS:     Apollo Computer, Chelmsford MA    Home: 29 Trowbridge St. Newton MA
(Copyright 1988 by author. All rights reserved. Free redistribution allowed.)
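The remedy Brian describes, a daemon started from /etc/rc as root that then runs under a separate uid/gid so that only root or that account can signal it, as an added C example; this is not code from the original post or from Apollo, and it assumes a service account named "daemon" exists (a constructed name; any reserved account will do).

```c
#include <stdio.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <sys/types.h>

/* Permanently switch to uid/gid and confirm it took effect.
 * Returns 0 on success, -1 on any failure. Order matters: groups first,
 * gid next, uid last, because after setuid() the process can no longer
 * change its gid. Ignoring a failed setuid() would leave a daemon as root. */
int drop_to(uid_t uid, gid_t gid)
{
    /* Only root may call setgroups(); when already unprivileged, skip it. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify: real and effective ids changed, and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Resolve a service account by name and drop to its uid/gid. */
int drop_to_account(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    return drop_to(pw->pw_uid, pw->pw_gid);
}

int main(void)
{
    /* "daemon" is an assumed account name; adjust to your system. */
    if (drop_to_account("daemon") != 0) {
        perror("drop_to_account");
        return 1;   /* refuse to keep running with the uid rc started us as */
    }
    /* From here on, only root or the service account can kill() this process. */
    printf("running as uid %d gid %d\n", (int)getuid(), (int)getgid());
    return 0;
}
```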