Re: Filesystem Capabilities in 2.6?

From: Pavel Machek (pavel@ucw.cz)
Date: Sat Nov 09 2002 - 15:11:21 EST


On Sun 03-11-02 16:20:08, Bernd Eckenfels wrote:
> In article <1036328263.29642.23.camel@irongate.swansea.linux.org.uk> you wrote:
> > Namespaces is a way to inherit revocation of rights on a large scale (or
> > a small one true). #! is a way to handle program specific revocation of
> > rights which _is_ filesystem persistent.
>
> #! would be a nice option to increase capabilities on invocation. But the
> final target must be linked to the invocation by an entity/revision binding.
> Since we do not have modification versions I could think about checksums:
>
> #!#/bin/setcap
> 10de6c9a339800777c2a8c43a7def924 /bin/ls
> +NET_ADMINe

I do not think having md5 sum of /bin/ls helps so much -- what if I
modify ld.so, instead?
                                                                Pavel

-- 
When do you have heart between your knees?
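Added example, not part of the message above or of any code from the thread: a Python sketch of the gap Pavel describes, where a digest bound only to the program still verifies after the loader named in its ELF PT_INTERP header changes. The in-memory file table, the path /lib/ld.so, and the helper names are constructed for illustration, SHA-256 stands in for the md5 sum in the quoted proposal, and shared libraries (DT_NEEDED) are left out to keep it to one case.

```python
import hashlib
import struct

PT_INTERP = 3  # program header type that names the dynamic loader

def elf_interp(image: bytes):
    """Return the PT_INTERP path of a little-endian ELF64 image, or None."""
    if len(image) < 64 or image[:4] != b"\x7fELF" or image[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", image, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return image[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None  # statically linked: no loader to cover

def make_sample(interp: bytes) -> bytes:
    """Constructed minimal ELF64 image: header plus one PT_INTERP segment."""
    path = interp + b"\0"
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9),
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 64 + 56, 0, 0,
                       len(path), len(path), 1)
    return ehdr + phdr + path

def binding(files: dict, program: str, cover_loader: bool) -> dict:
    """Digest the program and, optionally, the loader its PT_INTERP names."""
    names = [program]
    interp = elf_interp(files[program])
    if cover_loader and interp:
        names.append(interp)
    return {n: hashlib.sha256(files[n]).hexdigest() for n in names}

def verify(files: dict, bound: dict) -> bool:
    """True when every bound file still matches its recorded digest."""
    return all(hashlib.sha256(files[n]).hexdigest() == d for n, d in bound.items())

def demo():
    # Constructed file table standing in for the filesystem.
    files = {"/bin/ls": make_sample(b"/lib/ld.so"), "/lib/ld.so": b"loader v1"}
    program_only = binding(files, "/bin/ls", cover_loader=False)
    with_loader = binding(files, "/bin/ls", cover_loader=True)
    files["/lib/ld.so"] = b"loader v2 (changed)"  # program bytes untouched
    return verify(files, program_only), verify(files, with_loader)

if __name__ == "__main__":
    print(demo())
```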


