Dante: A Socks server and client implementation [PSARC/2008/714 timeout 11/25/2008]
James Carlson
james.d.carlson at sun.com
Wed Nov 19 09:40:01 PST 2008
Nicolas Williams writes:
> It's called embedded_su(1M) :)
I disagree. embedded_su was designed for applications that need to do
the equivalent of 'su', but that need to do it from within some
non-CLI environment. It's for the "click here and enter your admin
password" GUI bits.
In this case, we're not trying to *become* that UID at all. We don't
care about the UID; it's irrelevant for the daemon. We care only
about authenticating a user *name*.
> (Yes, it's not a daemon, it has to be fork/exec'ed, which means that the
> SOCKS daemon in this case must retain those basic privs, or build its
> own "authenticator daemon" which retains them and runs embedded_su on
> behalf of the main daemon which does not retain those basic privs. In
> any case, this is probably well outside the scope of the project.)
I agree with that last part.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
More information about the opensolaris-arc
mailing list