> > btw, in some sense it's even more secure, capabilities are 'embedded
> > permanently in the binary' and an admin cannot mis-configure the system.
> > Also, it integrates the responsibility of acquiring capabilities with the
> > source code itself, which isn't a bad concept either. We might want to
> > modify 'ls' to look at the file if it's setuid root, and display fancy
> > stuff if the binary is in 'secure capabilities mode'. [I'm not sure how
> > this whole concept could be implemented best though.]
>
> It would not help for bugs like the infamous LOCALEPATH holes (that were in the startup
> code).
This is why I think it would be nice to do this either in crt0.o, or in
the kernel ELF loader, whenever it detects some special ELF flag. (this
still needs no filesystem support)
> If you want to make this secure you hook in the startup code to drop
> privileges even earlier I think.
Agreed.
-- mingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
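As an added example, not code from the thread or from any kernel or libc of the time: one way to get the "drop privileges before any startup code runs" behaviour the reply asks for, in C on a modern toolchain. The ELF-flag check the thread imagines the kernel loader doing is replaced here by a constant compiled into the binary (a stand-in, labelled as such in the code); the actual drop is done by a constructor with the earliest user priority, so it runs before main() and before any other constructor, which is where a crt0.o hook would sit. The constructor fails closed: if the drop does not succeed the process exits rather than continuing with leftover privilege.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

#if defined(__linux__)
/* glibc only declares these under _GNU_SOURCE; declare them explicitly so the
 * example builds regardless of which feature macros were set before unistd.h. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
#endif

/* Stand-in for the "special ELF flag" the thread imagines the loader checking.
 * No such flag exists here; a constant inside the binary plays its role, which
 * is the point of the proposal: the policy lives in the binary, not in the
 * filesystem or in admin configuration.  (Hypothetical marker for this example.) */
static const int BINARY_WANTS_NO_PRIVILEGE = 1;

/* Set by the constructor so main() can show the drop already happened. */
static int g_dropped_before_main = 0;

/* Permanently give up any setuid/setgid privilege: every uid/gid slot (real,
 * effective, saved) becomes the invoking user's.  Group first, while we may
 * still be root and therefore allowed to change it.  Returns 0 on success. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
#if defined(__linux__) || defined(__FreeBSD__)
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;
#else
    /* POSIX fallback: setuid() only clears the saved uid when we are root,
     * so for a non-root setuid target this drop is not permanent. */
    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;
#endif
    /* Verify rather than trust the return codes: fail if anything is still elevated. */
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* 1 if no privilege beyond the real user's remains, 0 otherwise. */
int privileges_are_dropped(void)
{
    return geteuid() == getuid() && getegid() == getgid();
}

/* Priority 101 is the earliest a user-level constructor can get, so this runs
 * before main() and before the program's other constructors.  Locale setup,
 * getenv() parsing and similar startup work in main then happen unprivileged,
 * which is what the LOCALEPATH-style holes mentioned in the thread needed. */
__attribute__((constructor(101)))
static void early_privilege_drop(void)
{
    if (!BINARY_WANTS_NO_PRIVILEGE) return;
    if (drop_privileges_permanently() != 0)
        _exit(127);                 /* never continue with leftover privilege */
    g_dropped_before_main = 1;
}

/* 1 if the constructor completed the drop before main() was entered. */
int dropped_before_main(void)
{
    return g_dropped_before_main;
}

int main(void)
{
    printf("dropped before main: %d, privileges dropped: %d, euid=%ld\n",
           dropped_before_main(), privileges_are_dropped(), (long)geteuid());
    return privileges_are_dropped() ? 0 : 1;
}
```

Run as an ordinary user the program simply reports that nothing was elevated; install it setuid root and the euid printed is still the invoking user's, because the drop completed before main() ran. A real implementation of the proposal would do this in the kernel's ELF loader or in crt0.o, where no code of the program could run first; a constructor is the closest thing available without touching either.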