Re: Filesystem Capabilities in 2.6?

From: Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de)
Date: Sun Nov 03 2002 - 08:55:29 EST


Linus Torvalds <torvalds@transmeta.com> writes:

> On Sat, 2 Nov 2002, Linus Torvalds wrote:
>
> It occurs to me that we actually do have the "extended symlink" concept in
> UNIX already: the existing "#!" escape for executables is really exactly
> that. It's just a structured symlink, except the extension is not a
> capability, but rather it's the script to be fed to the executable.
>
> With a simple extended binfmt_misc.c or binfmt_script.c, we could do a
> capability escape (that only removes capabilities, but allows for suid
> shells) fairly easily if people really want it. And it would work on any
> almost-UNIXy filesystem, including NFS etc.

Look at <http://marc.theaimsgroup.com/?l=linux-kernel&m=101639590421603>.

Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:29 EST