I can easily integrate a _framework_ for capabilities: at this point I
definitely don't want the fancy stuff (i.e. I don't want patches to ext2fs
that extend the meaning of "suid" etc). Those kinds of patches should be
very small - and more importantly they should also be trivial to check for
correctness by just eyeballing them.
So that framework would really only be splitting up the "suid()" and
"fsuid()" stuff into many more bits, and when a setuid happens all the
bits get set. Together with maybe the most obvious and trivial system
calls, something like
remove_capability(int pid, unsigned long mask)
where
pid = 0 - myself (everybody can revoke privileges from themselves)
pid = -1 - everybody (only somebody with priv-privs can do this)
pid = pid - only somebody with priv-privs
pid = -pid - that session or whatever
In short, I'd happily add one system call, but that would be the only
thing for now (let's do the rest lazily when it becomes obvious).
Linus
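A userspace model of the pid convention sketched in the message above, added here as an illustration and not Linus's or the kernel's code. The capability bit names, the process table, the notion of "priv-privs" as one bit in the mask, and the session lookup are all constructed assumptions for this example.

```c
#include <stddef.h>

/* Hypothetical capability bits; names are constructed for this example. */
#define CAP_CHOWN   (1UL << 0)
#define CAP_KILL    (1UL << 1)
#define CAP_SETPRIV (1UL << 2)   /* the "priv-privs": may alter others' masks */
#define CAP_ALL     (CAP_CHOWN | CAP_KILL | CAP_SETPRIV)

#define NPROC 4
struct proc { int pid; int session; unsigned long caps; };

/* Constructed process table: pid 1 is privileged, pids 2 and 3 share session 2. */
static struct proc ptab[NPROC] = {
    { 1, 1, CAP_ALL },
    { 2, 2, CAP_CHOWN | CAP_KILL },
    { 3, 2, CAP_CHOWN | CAP_KILL },
    { 4, 4, CAP_KILL },
};

/* Model of "when a setuid happens all the bits get set". */
static void model_setuid(struct proc *p) { p->caps = CAP_ALL; }

/* Model of remove_capability(pid, mask) as proposed:
 *   pid == 0   -> the caller itself (always allowed)
 *   pid == -1  -> every process (needs priv-privs)
 *   pid == N   -> that one process (needs priv-privs)
 *   pid == -N  -> every process in session N (needs priv-privs)
 * Returns 0 on success, -1 when the caller lacks priv-privs. */
static int remove_capability(struct proc *caller, int pid, unsigned long mask)
{
    if (pid == 0) {
        caller->caps &= ~mask;
        return 0;
    }
    if (!(caller->caps & CAP_SETPRIV))
        return -1;
    for (int i = 0; i < NPROC; i++) {
        struct proc *p = &ptab[i];
        if (pid == -1 || pid == p->pid || (pid < -1 && -pid == p->session))
            p->caps &= ~mask;
    }
    return 0;
}

static struct proc *lookup(int pid)
{
    for (int i = 0; i < NPROC; i++)
        if (ptab[i].pid == pid) return &ptab[i];
    return NULL;
}
```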