Re: capabilities carried over execve()

Pavel Machek (pavel@suse.cz)
Thu, 26 Apr 2001 22:10:49 +0200


Hi!

> I am attempting to write an init replacement that is capability-smart.
> Though I'm pleased that prctl() lets me keep capabilities across a
> setreuid(), maintaining caps over execve() seems impossible to do right.
>
> I currently see a few options:
> - use the CLOEXEC-pipe hack that execcap uses (parent notices
> when pipe closes then rushes to set caps on child before
> child notices they're gone). This looks like a race to me.
> - tweak linux/fs/exec.c (prepare_binprm) to pretend that all
> files have cap_inheritable and cap_effective fully set.
> This seems a more elegant solution, but requires a kernel
> patch.
> - exec the child in a stopped state, mess with caps, then
> send it SIGCONT. AFAIK, there is no way to do
> execve_and_stop.

What about ptrace? It should be able to do this kind of stuff... but
it is going to be messy.
Pavel

-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/