Re: Capabilities

From: Horst von Brand (vonbrand@pincoya.inf.utfsm.cl)
Date: Mon Feb 21 2000 - 10:46:25 EST


Pavel Machek <pavel@ucw.cz> said:

[...]

> But you did not understand me well. I wanted to keep allowed bits in
> filesystem and keep special semantics of uid 0.

Why? Either UID 0 has all capabilities (is superuser, capabilities don't
matter much) or you use capabilities (in which case it may as well be a
regular user)

> > The problem with making a program setuid root, and then trusting
> > the program to drop the capabilities, is exactly that. You have to

> No. Because I would keep allowed set in filesystem. So if it is setuid
> 0 but allowed set is NET_BIND_LOW, I *know* that it will drop all but
> NET_BIND_LOW. You see?

Why does it have to belong to root then? Better belong to named (for DNS)
or mail (for MTA) or http (for HTTP), etc.

This idea is just an artifact of the elfcap kludge.

-- 
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:28 EST