Re: PATCH: signals security

Alexander Kjeldaas
Fri, 22 May 1998 11:42:37 +0200

On Fri, May 22, 1998 at 03:55:40AM +0200, Rik van Riel wrote:
> On Fri, 22 May 1998, Alexander Kjeldaas wrote:
> > However, I'm not sure whether this cap_dirty thing is generally
> > useful, or whether all that is needed is a special-case for
> > CAP_RAW_IO. Generalizing it through cap_dirty, however, is probably as
> > simple as a patch implementing a single PF_RAWIO flag.
> We can use it for all sorts of things. We might, for
> instance, use it in the scheduler, in network or VM
> stuff or in other places.
> Another use for it is to let the programmer of
> security-dangerous programs know how much of the
> capabilities requested are actually used.
> This might give better security in the long run
> because programs will only ask for the capabilities
> they actually need.

Yes. Maybe.

> Exporting it in /proc probably _is_ a good idea.
> You can just disallow access to other users and
> return zero when p->euid!=p->uid.

Exporting cap_used is a good idea. I still don't think exporting
cap_dirty is a good idea since you have to know that none of the bits
in cap_dirty were tainted in a process whose euid!=current->euid.


 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to
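The mechanics the thread argues about, as an added toy model in C (not the patch under discussion and not kernel code): a per-task cap_used mask that records which capabilities actually passed a check, an audit of the requested-but-unused bits that Rik wants programmers to see, and a /proc-style export that refuses other users and reports zero when euid != uid, as Rik proposes. Capability numbers, the struct layout and the function names are invented for the example; cap_dirty is left out because its exact semantics are not stated on the page. Sample tasks are constructed inline.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative capability numbering; not the kernel's values. */
enum {
    CAP_NET_ADMIN = 0,
    CAP_SYS_RAWIO = 1,
    CAP_SYS_ADMIN = 2,
    CAP_NOT_HELD  = 3,   /* used below to show a denied check */
};
#define CAP_BIT(c) ((uint32_t)1 << (c))

/* Hypothetical task record: only the fields this model needs. */
struct task {
    int uid, euid;            /* real and effective uid */
    uint32_t cap_effective;   /* capabilities the task holds */
    uint32_t cap_used;        /* capabilities that actually passed a check */
};

/* Modelled after a capable()-style check: grant or deny, and remember
 * every capability that was granted. Denied checks leave cap_used alone. */
int task_capable(struct task *t, int cap)
{
    if (t->cap_effective & CAP_BIT(cap)) {
        t->cap_used |= CAP_BIT(cap);
        return 1;
    }
    return 0;
}

/* Capabilities the program asked for but never exercised. This is the
 * number Rik wants programmers to look at when trimming their requests. */
uint32_t cap_unused(const struct task *t)
{
    return t->cap_effective & ~t->cap_used;
}

/* /proc-style export of cap_used: other users get no access at all, and a
 * task whose euid != uid (a setuid image) reports zero, as Rik suggests. */
int proc_cap_used(const struct task *t, int reader_uid, uint32_t *out)
{
    if (reader_uid != t->uid)
        return -EACCES;
    *out = (t->euid == t->uid) ? t->cap_used : 0;
    return 0;
}

/* Constructed scenario: a program granted three capabilities that only
 * ever exercises CAP_SYS_RAWIO. Returns the unused mask. */
uint32_t demo_unused(void)
{
    struct task t = {
        .uid = 1000, .euid = 1000,
        .cap_effective = CAP_BIT(CAP_NET_ADMIN) | CAP_BIT(CAP_SYS_RAWIO)
                       | CAP_BIT(CAP_SYS_ADMIN),
        .cap_used = 0,
    };
    task_capable(&t, CAP_SYS_RAWIO);   /* e.g. an ioperm()/iopl() path */
    task_capable(&t, CAP_SYS_RAWIO);   /* repeated use adds no new bits */
    task_capable(&t, CAP_NOT_HELD);    /* denied: must not touch cap_used */
    return cap_unused(&t);             /* NET_ADMIN | SYS_ADMIN */
}

/* Constructed scenario: a different uid reads the export and is refused. */
int demo_export_other_user(void)
{
    struct task t = { .uid = 1000, .euid = 1000,
                      .cap_effective = CAP_BIT(CAP_SYS_RAWIO),
                      .cap_used = CAP_BIT(CAP_SYS_RAWIO) };
    uint32_t v = 0;
    return proc_cap_used(&t, 1001, &v);
}

/* Constructed scenario: the owner reads a setuid image (euid != uid) and
 * gets zero rather than the real mask. */
uint32_t demo_export_setuid(void)
{
    struct task t = { .uid = 1000, .euid = 0,
                      .cap_effective = CAP_BIT(CAP_SYS_RAWIO),
                      .cap_used = CAP_BIT(CAP_SYS_RAWIO) };
    uint32_t v = 0xffffffffu;
    if (proc_cap_used(&t, 1000, &v) != 0)
        return 0xffffffffu;
    return v;
}

int main(void)
{
    printf("unused capability mask: 0x%x\n", demo_unused());
    printf("other user reading export: %d (0 means allowed)\n",
           demo_export_other_user());
    printf("owner reading setuid image: 0x%x\n", demo_export_setuid());
    return 0;
}
```

The audit value is effective & ~used, so a program that requested three bits and exercised one sees exactly the two it could drop. The export check does two separate things: refusing other uids outright, and zeroing the value for a task that changed euid, which is the point Alexander picks up for cap_dirty.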