Date: Sat, 2 Nov 2002 23:37:42 -0500 (EST)
From: Alexander Viro
To: Linus Torvalds
cc: Oliver Xymoron, Olaf Dietsche, "Theodore Ts'o", Dax Kelson, Rusty Russell, linux-kernel@vger.kernel.org, davej@suse.de
Subject: Re: Filesystem Capabilities in 2.6?

On Sat, 2 Nov 2002, Linus Torvalds wrote:

> However, I think there is a problem with Al's original approach: the bind
> can _not_ be just a mask that takes away capabilities from a suid
> application, since that would imply that the app has to be marked suid in
> the first place (and accessing it _without_ going through the bind will
> give it elevated privileges, which is what we're trying to avoid).

No, that's OK -

mount --bind /usr/bin/foo.real /usr/bin/foo.real
mount -o remount,nosuid /usr/bin/foo.real

or equivalent couple of mount(2) calls will do the trick nicely (and that,
BTW, we have right now - you can selectively disable/enable suid on files
and entire subtrees).
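
The "equivalent couple of mount(2) calls" from the reply, written out as an added example (not code from the mail or from the kernel tree). The names pin_nosuid and path_is_nosuid are hypothetical, and the remount passes MS_REMOUNT | MS_BIND, which mount(2) documents as changing only the per-mount flags on Linux 2.6.26 and later.

```c
/* Added example, not from the original mail. Needs CAP_SYS_ADMIN.
 * pin_nosuid and path_is_nosuid are hypothetical names. */
#include <errno.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/statvfs.h>

/* 1 if the mount covering path is nosuid, 0 if not, -1 on error. */
int path_is_nosuid(const char *path)
{
    struct statvfs sv;
    if (statvfs(path, &sv) != 0)
        return -1;
    return (sv.f_flag & ST_NOSUID) ? 1 : 0;
}

/* mount --bind P P; mount -o remount,nosuid P. 0 on success, -1 on error. */
int pin_nosuid(const char *path)
{
    struct statvfs sv;
    unsigned long keep;
    if (statvfs(path, &sv) != 0)
        return -1;
    /* Carry over ro/nodev/noexec already in force so the remount cannot
     * drop them. On Linux these ST_* bits equal the MS_* bits. */
    keep = sv.f_flag & (MS_RDONLY | MS_NODEV | MS_NOEXEC);

    /* Call 1: the path becomes its own mount point. */
    if (mount(path, path, NULL, MS_BIND, NULL) != 0)
        return -1;
    /* Call 2: MS_REMOUNT|MS_BIND changes the flags of this mount only. */
    if (mount(NULL, path, NULL, MS_REMOUNT | MS_BIND | MS_NOSUID | keep, NULL) != 0) {
        int saved = errno;
        umount2(path, MNT_DETACH);  /* do not leave the plain bind behind */
        errno = saved;
        return -1;
    }
    /* Confirm what the kernel now reports for the path. */
    return path_is_nosuid(path) == 1 ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;
    if (pin_nosuid(argv[1]) != 0) { perror(argv[1]); return 1; }
    printf("%s: nosuid is set on this mount\n", argv[1]);
    return 0;
}
```

path_is_nosuid can also be run on its own against each setuid binary to audit which ones are still reachable through a mount that honours the suid bit.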