Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 3 Nov 2002 08:49:58 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 3 Nov 2002 08:49:57 -0500 Received: from mailout01.sul.t-online.com ([194.25.134.80]:29368 "EHLO mailout01.sul.t-online.com") by vger.kernel.org with ESMTP id ; Sun, 3 Nov 2002 08:49:18 -0500 Cc: "David D. Hagood" , Rik van Riel , "Theodore Ts'o" , Dax Kelson , Rusty Russell , , References: From: Olaf Dietsche To: Linus Torvalds Subject: Re: Filesystem Capabilities in 2.6? Date: Sun, 03 Nov 2002 14:55:39 +0100 Message-ID: <87heeysqp0.fsf@goat.bogus.local> User-Agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.4 (Honest Recruiter, i386-debian-linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 842 Lines: 17 Linus Torvalds writes: > On Sat, 2 Nov 2002, David D. Hagood wrote: >> Linus Torvalds wrote: >> >> Would this not allow a user to add permissions to a file, by creating a >> new directory entry and linking it to an existing inode? >> >> Would that not be a greater security hole? > > No. The file itself has _no_ capabilities at all. If you just link to it, > you can give it whatever capabilities _you_ have as a user (well, normal > users don't really have any capabilities to give, but you get the idea). So, this would be the inheritable set only. Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/