Subject: Re: Filesystem Capabilities in 2.6?
From: Alan Cox
To: Alexander Viro
Cc: Linus Torvalds, Oliver Xymoron, Olaf Dietsche, "Theodore Ts'o", Dax Kelson, Rusty Russell, Linux Kernel Mailing List, davej@suse.de
Date: 03 Nov 2002 12:53:26 +0000
Message-Id: <1036328006.29711.20.camel@irongate.swansea.linux.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 2002-11-03 at 06:46, Alexander Viro wrote:
> Quite so. Now, ability to _remove_ capabilities on exec() is a Good Thing(tm)
> regardless of suid. It can be combined with suid - that gives you something
> that is still evil, but less than it used to be. But I don't see any point
> in new independent mechanism for raising caps - e.g. since it assumes a
> bunch of new programs that were written to run with elevated caps and
> with assumption that they will be less dangerous than suid-root ones.
> Somehow, it doesn't make me happy about running such programs - not for
> first 5 years or so.

Removing capabilities is an easy thing to add.
Firstly the binary can do it anyway even on 2.4, secondly you can add an ELF property easily enough which says which capabilities this gets if it is marked setuid