Re: Filesystem Capabilities in 2.6?

Dax Kelson (dax@gurulabs.com)
Sat, 2 Nov 2002 21:04:07 -0700 (MST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Perez-Gonzalez, Inaky: "RE: [half-joke] Help - someone turned my machine into xt emulatin"
Previous message: Akira Tsukamoto: "Re: [PATCH] Athlon cache-line fix"

On Sat, 2 Nov 2002, Alexander Viro wrote:

> <shrug> that can be done without doing anything to filesystem.
> Namely, turn current "nosuid" of vfsmount into a mask of capabilities.
> Then use bindings instead of links. *Note* - binary _is_ marked suid,
> mask tells which capabilities _not_ to gain. It's OK - attempt to
> link(2) to the thing using binding will see that oldname and newname
> are within different vfsmounts, so instead of link to suid-root binary
> you get -EXDEV.

Any thoughts on how /usr/bin/(rpm|dpkg) copes with setting up the binding
when installing a package?

Dax

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Perez-Gonzalez, Inaky: "RE: [half-joke] Help - someone turned my machine into xt emulatin"
Previous message: Akira Tsukamoto: "Re: [PATCH] Athlon cache-line fix"