Method and apparatus for creating a security environment for a user task in a client/server system
Abstract
A method and apparatus for enabling a listening daemon in a client/server system to execute a specified task on behalf of a user. Upon receiving a user request, the listening daemon sets an environment variable in accordance with the user identity specified in the request and issues a system call to the operating system kernel to spawn the user task specified in the request. In response to the system call, the operating system kernel creates a new address space for the specified user task and creates a security environment for the user task in accordance with the environment variable before starting the user task in the new address space.
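The flow in the abstract, as an added example that is not part of the patent: a user-space POSIX analogue in C in which one function plays the daemon and another stands in for the kernel's spawn service. The variable name `TASK_UID`, the encoding of the identity as a numeric uid, and all function names are assumptions; the page names none of them.

```c
#define _POSIX_C_SOURCE 200809L  /* setenv, unsetenv */
/* Added example; TASK_UID and the function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
/* "Kernel" role, steps (b)(1)-(3). Returns the task's exit status, or -1. */
static int spawn_with_identity(const char *cmd)
{
    const char *id = getenv("TASK_UID");
    if (id == NULL || *id < '0' || *id > '9')
        return -1;                      /* missing or non-numeric identity */
    char *end;
    errno = 0;
    unsigned long uid = strtoul(id, &end, 10);
    if (errno != 0 || *end != '\0' || uid != (unsigned long)(uid_t)uid)
        return -1;                      /* trailing junk or out of range */
    pid_t pid = fork();                 /* (b)(1): new address space */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* (b)(2): security environment, fail closed (group setup omitted) */
        if (setuid((uid_t)uid) != 0 || getuid() != (uid_t)uid)
            _exit(126);
        unsetenv("TASK_UID");           /* task does not inherit the selector */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);   /* (b)(3) */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
/* Daemon role, steps (a)(1)-(2): set the variable, then issue the call. */
int daemon_handle_request(const char *identity, const char *cmd)
{
    if (setenv("TASK_UID", identity, 1) != 0)
        return -1;
    int rc = spawn_with_identity(cmd);
    unsetenv("TASK_UID");               /* no carry-over into the next request */
    return rc;
}
int run_as_self(const char *cmd)        /* own uid, so no privilege is needed */
{
    char id[32];
    snprintf(id, sizeof id, "%lu", (unsigned long)getuid());
    return daemon_handle_request(id, cmd);
}
```

When the caller lacks the privilege to assume the requested uid, the child exits with status 126 instead of running the task under the daemon's own identity.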
24 Claims
1. In a server system in which a daemon process listens for a request from a user to execute a specified user task, said request specifying an identity for said user, said system having an operating system kernel, a method for executing said task on behalf of said user with an appropriate security environment for said user, comprising the steps of:
(a) having said daemon process, upon receiving said request from said user;
    (1) set an environment variable in accordance with said identity specified in said request; and
    (2) issue a system call to said operating system kernel to execute said specified user task in a new address space; and
(b) having said operating system kernel, upon receiving said system call from said daemon process;
    (1) create a new address space for said specified user task;
    (2) create a security environment for said specified user task in accordance with said environment variable; and
    (3) start said specified user task in said new address space.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. In a server system in which a daemon process listens for a request from a user to execute a specified user task, said request specifying an identity for said user, said system having an operating system kernel, apparatus for executing said task on behalf of said user with an appropriate security environment for said user, comprising:
(a) means associated with said daemon process, responsive to receiving said request from said user, for;
    (1) setting an environment variable in accordance with said identity specified in said request; and
    (2) issuing a system call to said operating system kernel to execute said specified user task in a new address space; and
(b) means associated with said operating system kernel, responsive to receiving said system call from said daemon process, for;
    (1) creating a new address space for said specified user task;
    (2) creating a security environment for said specified user task in accordance with said environment variable; and
    (3) starting said specified user task in said new address space.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for executing a task on behalf of a user with an appropriate security environment for said user in a server system in which a daemon process listens for a request from a user to execute a specified user task, said request specifying an identity for said user, said system having an operating system kernel, said method steps comprising:
(a) having said daemon process, upon receiving said request from said user;
    (1) set an environment variable in accordance with said identity specified in said request; and
    (2) issue a system call to said operating system kernel to execute said specified user task in a new address space; and
(b) having said operating system kernel, upon receiving said system call from said daemon process;
    (1) create a new address space for said specified user task;
    (2) create a security environment for said specified user task in accordance with said environment variable; and
    (3) start said specified user task in said new address space.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification