From: Joachim B. <jmb...@gm...> - 2002-07-23 20:13:07
"Koert van der Veer" <ko...@ic...> writes:

>> do you mean switch user? note that this user is still logged on.
>> OTOH, a program that will run for several users (sharing memory &&
>> resources) will be cool. Think of cmd.exe, windows commander, ICQ
>> and whatever. I would like to share these programs between logged
>> users.
>
> A potential pitfall for such a structure is user permissions. Consider an
> admin and a simple user sharing notepad (ridiculous, I know...) What happens
> if the admin tries to open a severely protected file, such as kernel32.dll,
> and what happens when the user tries to open it? The program would have to
> behave differently for each of these situations, so either the uid and gid of
> the process should be changed, or the program should handle this itself. In
> the latter, part of the code has to run as user 'System' (or, at your
> option, root), which imposes severe security risks, as a simple buffer
> overflow would enable a local (or perhaps even remote) user to gain all
> permissions.

In the world I come from, "all" read-only parts of the program, such as the
actual executable code (in the usual case, anyway), get loaded only once and,
depending on OS design, are used more or less directly out of the buffer cache
pages. As this data is read-only, sharing it between instances is
indistinguishable from each instance having its own copy.

All data which makes the program relate to its environment (data and stack,
which roughly correspond to the "variables" in the source code) is allocated
per instance (no matter whether these instances span different users or not).
Especially the process control structure, which also "contains" the security
context, is allocated per instance.

Perhaps this can clarify how such a structure might work; especially that it
does not necessarily require consent of the applications. I honestly don't
know how much of that MS really implements.

Btw, one of the frustrating points in using windows for me is that most
programs have ill-defined notions of what should be "read-only", imposing
severe limitations to the scheme above. Try to do just about anything with a
read-only %SystemRoot% or HKLM... (pet peeve)

So long,
Joe

P.S. I didn't forget about the "Wishlist for Windows by a Unix user", finding
the time to do it is the harder part...

-- 
"I use emacs, which might be thought of as a thermonuclear word processor."
-- Neal Stephenson, "In the beginning... was the command line"
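The separation Joachim describes (one loaded copy of the executable code, but a private data segment, stack and process control block per instance) can be observed directly on a POSIX system. The following C program is an added example, not part of the original mailing-list thread: it forks a second instance of the same code, lets the child modify a global variable, and has the child report back over a pipe. The function `fill_report` and the global `instance_counter` are names chosen here for illustration. The child sees the same address for the code it is running, yet its change to the global never reaches the parent, and each instance reads its own security context (uid) from its own process control structure.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Per-instance data segment: each process image gets its own copy,
   even though all instances run the same loaded code. */
static int instance_counter = 0;

/* What one instance observes about itself; sent from child to parent. */
struct report {
    uintptr_t code_addr;  /* address of fill_report as this instance sees it */
    int       counter;    /* this instance's copy of the global */
    uid_t     uid;        /* this instance's security context */
};

static void fill_report(struct report *r) {
    r->code_addr = (uintptr_t)&fill_report;
    r->counter = instance_counter;
    r->uid = getuid();
}

/* Forks a second instance, lets it bump its private copy of the global,
   and compares the two views. Returns 1 when the code address is shared
   while the data is isolated (parent's counter still 0, child's 1000),
   0 when that is not what was observed, -1 on a system-call failure. */
int instances_share_code_but_not_data(void) {
    int fd[2];
    if (pipe(fd) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;

    if (pid == 0) {
        /* Child: only this instance's copy of the data segment changes. */
        close(fd[0]);
        instance_counter += 1000;
        struct report r;
        fill_report(&r);
        if (write(fd[1], &r, sizeof r) != (ssize_t)sizeof r) _exit(1);
        _exit(0);
    }

    /* Parent: collect the child's observation, then take our own. */
    close(fd[1]);
    struct report child;
    ssize_t n = read(fd[0], &child, sizeof child);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child) return -1;

    struct report parent;
    fill_report(&parent);

    int same_code   = parent.code_addr == child.code_addr;
    int private_data = parent.counter == 0 && child.counter == 1000;
    return (same_code && private_data) ? 1 : 0;
}

int main(void) {
    int ok = instances_share_code_but_not_data();
    printf("shared code, private data: %s\n",
           ok == 1 ? "yes" : ok == 0 ? "no" : "error");
    return ok == 1 ? 0 : 1;
}
```

Because fork() clones the whole image, the uid is the same in both instances here; the point is only that it lives in the per-process control structure, so a later change of identity in one instance (setuid, or the equivalent on Windows) would not affect the other. Sharing of the read-only text pages themselves is not visible from user space in this example; what the program shows is that the same code address is in use while every writable byte is per instance.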