Aaron Denney writes:
> Another mechanism for forcibly lowering capabilities would be
> nice and useful, and I agree that it would need to be stored
> outside the binary. I don't think the inode would be a good
> place though, as that is traditionally under the control of
> the owner (save atime), and this is not.
>
> Further, this is (should be) per-executor information.
> Surely you can imagine two people on the same system
> wanting to trust a given binary differing amounts?
Oh my, you had to bring up THAT problem...
For this, the in-memory solution is the only sane answer. The bits
get restricted to a VFS namespace, and you use a namespace-splitting
clone call to divide up the system by who trusts what.
That solution is really solid. Namespaces could form the VFS part
of a simple MAC system even. If there isn't any path to something,
then you just can't access it.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:13 EST