Date: Sat, 2 Nov 2002 21:00:38 -0700 (MST)
From: Dax Kelson
To: Oliver Xymoron
Cc: Linus Torvalds, Alexander Viro, Olaf Dietsche, "Theodore Ts'o", Rusty Russell, "linux-kernel@vger.kernel.org", "davej@suse.de"
Subject: Re: Filesystem Capabilities in 2.6?
In-Reply-To: <20021103035017.GD18884@waste.org>

On Sat, 2 Nov 2002, Oliver Xymoron wrote:

> # mv ping ping.real
> # chmod -s ping.real
> # mkcapwrap +net_raw ping.real
> # chmod +s ping
> # showcapwrap ping
> invokes /bin/ping
> grants net_raw
> #

Do you mean?

# mv ping ping.real
# chmod -s ping.real
# mkcapwrap +net_raw ping
# chmod +s ping
# showcapwrap ping
invokes /bin/ping.real
grants net_raw
#

The wrapper needs to setuid/gid to the uid/gid that invokes it. uid root
with no caps (or few caps) is still very powerful (replace binaries owned
by root, read /etc/shadow, etc).

Currently all capabilities are cleared when a non-root app does an execp.
This would need to be addressed.

Dax
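The wrapper behaviour this message asks for, as an added C example (not code from the thread or from any mkcapwrap tool): a setuid-root binary switches to the invoking uid/gid, keeps only net_raw, and execs the real program. The names `only_cap` and `drop_to_invoker` are hypothetical, TARGET is the path shown in the thread, and the ambient capability set used in step 4 is an assumption about the running kernel (Linux 4.3 or later), a mechanism that postdates this message.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#define TARGET "/bin/ping.real"   /* path from the thread; an assumption here */

/* Build capset() data with exactly one capability in all three sets. */
void only_cap(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);
    d[cap >> 5].permitted = d[cap >> 5].effective =
        d[cap >> 5].inheritable = 1u << (cap & 31);
}

/* Go from setuid-root to the invoking uid/gid holding only `cap`.
 * Returns 0 on success, or the number of the step that failed. */
int drop_to_invoker(int cap)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    /* 1: keep the permitted set when the uids leave 0 */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) return 1;
    /* 2: become the invoker; with euid 0 this sets real, effective, saved */
    if (setgid(getgid()) || setuid(getuid())) return 2;
    /* 3: the uid change cleared the effective set; reduce to `cap` only */
    only_cap(d, cap);
    if (syscall(SYS_capset, &h, d)) return 3;
    /* 4: ambient set (Linux >= 4.3) carries `cap` across a non-root exec */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0)) return 4;
    return 0;
}

int main(int argc, char **argv)
{
    (void)argc;
    int step = drop_to_invoker(CAP_NET_RAW);
    if (step) {
        fprintf(stderr, "capwrap: step %d failed\n", step);
        return 1;
    }
    execv(TARGET, argv);
    perror(TARGET);
    return 127;
}
```

Without step 4 the exec of a non-setuid TARGET by a non-root uid ends with an empty effective set, which is the clearing-on-exec behaviour the message says would need to be addressed.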