Linux tool named "tulpa" that uses virtualization to simulate creating a second user (and enforce simulated user permissions) without having rights to actually create a second user on the system
mcc (mcc@mastodon.social)'s status on Wednesday, 14-May-2025 09:45:18 JST
✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Wednesday, 14-May-2025 09:45:16 JST
@mcc @Catfish_Man windows has something like this in COM, they call it "impersonation"
mcc (mcc@mastodon.social)'s status on Wednesday, 14-May-2025 09:45:17 JST
@Catfish_Man that's… interesting, would old Mach have enabled this?
I think this is actually impossible because if you're a thread you can overwrite memory in use by other threads, invalidating all security guarantees. You'd need to basically be in an OS where threads are isolated enough they're more like green processes.
David Smith (catfish_man@mastodon.social)'s status on Wednesday, 14-May-2025 09:45:18 JST
@mcc What I want along those lines is an “introject” syscall that makes a particular thread in a daemon act, for security and other purposes, as though it’s a thread in the app that sent the daemon a message
mcc (mcc@mastodon.social)'s status on Wednesday, 14-May-2025 09:47:20 JST
@whitequark @Catfish_Man how…secure is it?
✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Wednesday, 14-May-2025 09:52:09 JST
@mcc @Catfish_Man it's kind of notoriously easy to misuse
also, it only concerns privileges to use objects (as in NT kernel objects); does nothing for memory safety, besides the fact that threads and processes are NT objects