Re: Filesystem Capabilities in 2.6?

Bernd Eckenfels (ecki-news2002-09@lina.inka.de)
Sun, 3 Nov 2002 16:13:03 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"
Previous message: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"

In article <Pine.GSO.4.21.0211022114280.25010-100000@steklov.math.psu.edu> you wrote:
> <shrug> that can be done without doing anything to filesystem.
> Namely, turn current "nosuid" of vfsmount into a mask of capabilities.
> Then use bindings instead of links. *Note* - binary _is_ marked suid,
> mask tells which capabilities _not_ to gain.

the suid bit is important, I agree. this will make most security checks not
fail. Problem: runtime checks depend on euid. PErhaps we should even return
a different effective uid (or 0?) if a program is runnign with increased
capabilities?

Greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"
Previous message: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"