Re: [PATCH] 2.5.45: Filesystem capabilities

Dax Kelson (dax@gurulabs.com)
31 Oct 2002 11:11:50 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bloch, Jack: "RE: your mail"
Previous message: Chris Friesen: "Re: What's left over."

On Thu, 2002-10-31 at 07:21, Olaf Dietsche wrote:
> Hi Linus,
>
> This patch implements filesystem capabilities. It allows to run
> privileged executables without the need for suid root.
>
> Changes:
> - switched from 32 bits to 128 bits for capabilities
>
> I have addressed all objections Al Viro has raised. However, this is
> not widely tested so far. But this is a relative small patch, so it
> shouldn't be too hard to remove it later, if it turns out to be too
> dangerous, either security or file system wise.
>
> Please include.
>
> Regards, Olaf.

I second this!

I would very very much like to purge my systems of SUID root binaries.

If this goes in, we/I should start a little project to audit the SUID
root binaries commonly found on Linux to see what are the minimum
capabilities each binary needs.

Ideally the distro then ship this way by default.

RPM/DPKG (tar,cpio?) should be modified to store the capabilities too.

Dax Kelson
Guru Labs

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bloch, Jack: "RE: your mail"
Previous message: Chris Friesen: "Re: What's left over."