On Saturday 15 February 2003 22:09, Christoph Hellwig wrote:
> On Sat, Feb 15, 2003 at 08:17:03PM +0100, Andreas Gruenbacher wrote:
> > That sounds quite reasonable. I would have to raise CAP_SYS_ADMIN
> > for trusted EA's, though. Do you see any potential side effects
> > while a pretty powerful capability like CAP_SYS_ADMIN is
> > temporarily raised?
>
> Okay, something I missed when looking over your patches, otherwise
> I'd have shutde earlier :) Do you really think you want
> CAP_SYS_ADMIN for trusted EAs? Soon we'll get CAP_SYS_ADMIN as
> catchall like old suser()..
>
> Let me check what XFS uses for that purpose as soon as I'm back in
> the office.
The intention of Trusted Extended Attributes is for processes that
perform tasks that are relevant for the proper functioning of the
system, to allow them to use EAs. Other, non-privileged processes shall
have no access whatsoever to those EAs. This level of protection would
otherwise only be possible by providing a kernel module.
I would be quite happy with a new CAP_TRUSTED_PROCESS or whatever, but
going that route for all sorts of applications then we might soon end
up with an large number of capabilities. Maybe I'm wrong on that,
though.
Cheers,
Andreas.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Feb 15 2003 - 22:01:04 EST