[PATCH 0/2] capabilities

From: Andy Lutomirski
Date: Tue May 11 2004 - 22:27:29 EST

This reintroduces useful capabilities.

In this model, the inheritable mask is a limit on what capabilities
the task or any of its children may have. Permitted and effective masks
have their old meanings.

Init gets all capabilities (even CAP_SETPCAP) since it seems absurd to do

Part 1 shouldn't change user-visible behavior; it just moves the vfs
capability logic into fs/exec.c (where it IMHO belongs) and the setuid
logic into apply_creds (where it IMHO belongs). I made no effort to
make apply_creds pretty since it all gets deleted in the next patch

Part 2 redoes the capability logic.

This code is paranoid about setuid. A later patch will allow that to
be overridden by a sysctl so that securelevel can be done usefully.

I left cap_bset in, even though I can't see a use for it anymore.

I put some user tools at http://www.stanford.edu/~luto/cap/; I've used
themn to exercise this code somewhat.

It applies to 2.6.6-mm1. It does _not_ apply to 2.6.6 vanilla, but the fix
should be trivial (it conflicts with something in fs/exec.c). It will not
apply to earlier versions, as it depends on the compute_creds race fix.

Please let me know what you think and if you see any holes in this code
or possibilities of exposing / introducing bugs in other programs (think
Sendmail bug).

This should also eliminate the Oracle magic-group mess :)

Andrew- is this sufficiently non-scary for -mm?

Where this is going:
There is probably some dead code now in sys_capset. I'll check on that.
Also, I have an ext3 xattr caps patch lying around somewhere. I can try
to get it working again.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/