The problem is that I'd like to be able to use capabilities to secure
a system, however, I don't want to necessitate a lot of trips out to a
remote site everytime we make a mistake and need to change a file that
we've made immutable. The solution, it seems, is to compromise security
of the capabilities somewhat by adding a password to the system which
allows the sysadmin to remove any/all of the capabilities restrictions.
This is similar to what LIDS does, however, I'd rather have a patch with
only does this rather than a patch which also includes portscan detectors
in the kernel, etc.
So, I'd be interested in what the cleanest way to do this would be. It
seems to me you could do something like impliment an ioctl() which
initally accepted an md5/sha1 password, stored that in the kernel and made
that "immutable". Then you have another call which accepts a phrase to
hash and checks against the md5/sha1 password and then accepts another
argument which will set kernel_cap_t if the hash of the phrase matches the
stored hash. Does this sound reasonable, or am I shoving way to much
crap (md5/sha1) into the kernel? Suggestions on how to do it 'cleanly'
would be appreciated.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:09 EST