Re: PATCH: signals security

Rik van Riel (
Thu, 21 May 1998 19:49:37 +0200 (MET DST)

On Thu, 21 May 1998, Alexander Kjeldaas wrote:

> > You are probably better off using some of the code in
> > my Out-Of-Memory killer. It checks:
> > - whether the x86 I/O bitmap has been set up
> > - whether the process has raw I/O capability (CAP_RAW_IO)
> >
> > Now we probably want to modify the ioperm() and iopl()
> > syscalls to set CAP_RAW_IO, so we can do an easy arch
> > independent check.
> I'm not sure I understand. Capabilities shouldn't just be set. We
> already have the PF_SUPERPRIV flag which is set whenever a process
> _uses_ root privileges. It would be more natural to define a PF_RAWIO
> flag similar to PF_SUPERPRIV (or if needed, a complete set of 'have
> used CAP_xxx' flags).

This would indeed be the 'perfect' solution. At each
place where we check for a certain capability, we set
the 'used' flag too.

if (has_cap && set_used_cap) { ... };

This allows for easy checking where we need it, and
we can simply set up a clean map on fork().

It can also be used to gather statistics, so we can
put out nice figures saying how many capabilities
that are set remain unused.

This will undoubtedly keep security buffs on their
toes and warn the authors of daemons that they can
drop more capabilities on startup so they will be
less and less of a security hazard.

The technical value of such stats might be small,
but in the long run they might be the perfect

| Linux: - LinuxHQ MM-patches page | Scouting webmaster |
| - kswapd ask-him & complain-to guy | Vries cubscout leader |
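The "check the capability and set its 'used' flag in the same place" scheme that Rik sketches above, with the clean map on fork() and the set-but-unused statistics, modelled as a small C program. This is an added illustration, not code from the thread or from the Linux kernel: the capability numbers, the `struct task` fields and the `capable()`/`task_fork()`/`unused_caps()` helpers are all hypothetical names chosen for the model.

```c
/* Model of a per-task capability set with a parallel "used" mask:
 * every privilege check records which capability actually authorised
 * an action, so held-but-never-exercised capabilities can be reported.
 * Constructed example; the names and numbers below are not the kernel's. */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capability numbers for the model (not Linux's values). */
enum { CAP_RAW_IO = 0, CAP_NET_ADMIN = 1, CAP_SYS_ADMIN = 2, CAP_KILL = 3, NCAPS = 4 };

static const char *cap_names[NCAPS] = {
    "CAP_RAW_IO", "CAP_NET_ADMIN", "CAP_SYS_ADMIN", "CAP_KILL"
};

typedef uint32_t cap_mask_t;
#define CAP_BIT(c) ((cap_mask_t)1u << (c))

struct task {
    cap_mask_t effective; /* capabilities the task currently holds */
    cap_mask_t used;      /* capabilities that have authorised an action */
};

/* The "if (has_cap && set_used_cap)" idea: grant only if the capability
 * is held, and in the same step remember that it was exercised. */
int capable(struct task *t, int cap)
{
    if (cap < 0 || cap >= NCAPS)
        return 0;
    if (!(t->effective & CAP_BIT(cap)))
        return 0;
    t->used |= CAP_BIT(cap);
    return 1;
}

/* A child inherits the capability set but starts with a clean 'used' map,
 * so the statistics describe what this process did, not its parent. */
struct task task_fork(const struct task *parent)
{
    struct task child = *parent;
    child.used = 0;
    return child;
}

/* Capabilities that are held but have never been exercised. */
cap_mask_t unused_caps(const struct task *t)
{
    return t->effective & ~t->used;
}

/* Number of set bits in a mask (for the "how many remain unused" figure). */
int cap_count(cap_mask_t m)
{
    int n = 0;
    while (m) {
        m &= m - 1;
        n++;
    }
    return n;
}

/* Model of a raw-I/O syscall gate: only CAP_RAW_IO holders get through. */
int sys_ioperm_model(struct task *t)
{
    return capable(t, CAP_RAW_IO) ? 0 : -1; /* -1 stands in for -EPERM */
}

/* Print the capabilities a daemon could have dropped at startup. */
void report_unused(const struct task *t)
{
    cap_mask_t m = unused_caps(t);
    printf("%d capabilities held but unused:", cap_count(m));
    for (int c = 0; c < NCAPS; c++)
        if (m & CAP_BIT(c))
            printf(" %s", cap_names[c]);
    printf("\n");
}

int main(void)
{
    /* Constructed daemon: holds three capabilities, exercises only one. */
    struct task daemon = { CAP_BIT(CAP_RAW_IO) | CAP_BIT(CAP_NET_ADMIN) | CAP_BIT(CAP_KILL), 0 };
    sys_ioperm_model(&daemon);          /* marks CAP_RAW_IO as used */
    capable(&daemon, CAP_SYS_ADMIN);    /* denied, nothing recorded */
    report_unused(&daemon);             /* CAP_NET_ADMIN and CAP_KILL */

    struct task child = task_fork(&daemon);
    printf("child used mask after fork: %u\n", (unsigned)child.used);
    return 0;
}
```

A denied check deliberately leaves the 'used' map untouched, so the report counts only capabilities that actually authorised something; that is what makes the figure useful to a daemon author deciding what to drop.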
