Date: Sat, 3 Apr 2004 00:56:36 +0200
From: Andrea Arcangeli <andrea@suse.de>
To: Chris Wright <chrisw@osdl.org>
Cc: Andrew Morton <akpm@osdl.org>, linux-kernel@vger.kernel.org,
       kenneth.w.chen@intel.com
Subject: Re: disable-cap-mlock
Message-ID: <20040402225636.GX21341@dualathlon.random>
References: <20040401135920.GF18585@dualathlon.random> <20040401170705.Y22989@build.pdx.osdl.net> <20040401173034.16e79fee.akpm@osdl.org> <20040402133540.1dfa0256.akpm@osdl.org> <20040402143639.G21045@build.pdx.osdl.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040402143639.G21045@build.pdx.osdl.net>
User-Agent: Mutt/1.4.1i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1146
Lines: 22

On Fri, Apr 02, 2004 at 02:36:39PM -0800, Chris Wright wrote:
> [..] I think basically
> nobody really uses capabilites except in either simple root drops a
> few privs ways (no exec), [..]

yep, at least sendmail does that (I remeber because there was a kernel
bug at some point not dropping those).

If I understand well, the basic problem is that there's no way to retain
a single capability forever through execve and everything else possible.
We'd need a way to tell the kernel a certain capability must never go
away no matter what syscall is being run. Of course one will need need a
special capability to use this functionality (CAP_ADMIN or similar) and
login/su will then be able to give IPC_CAP_LOCK to an user. I think
at some point there was something like this being discussed, when there
were still discussions about putting the capabilities into the fs (or
the elf header or whatever).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/