Re: Secure-linux and standard kernel

Albert D. Cahalan (acahalan@cs.uml.edu)
Fri, 26 Jun 1998 05:27:29 -0400 (EDT)


Horst von Brand writes:
> Mitchell Blank Jr <mitch@execpc.com> said:
>> MOLNAR Ingo wrote:

> Yes, but they *can't* be part of the binary executable itself:
> It would be just way too easy to fake them.

Go right ahead. They get ignored if the executable is not
setuid to root. The setuid bit can be stopped with a mount
option and the whole feature can be stopped by disabling root.

> No good. I can bring my own SUID root equivalent capable binaries from
> home, or just edit some random copy of /bin/sh with emacs to fix it up.

You would need to set the real setuid bit.

>> 2. How bad is it that we're limited to ELF? Is it important to allow
>> things like capability-enhanced perl scripts, for instance?
>> set[ug]id perl scripts are fairly common now.
>
> Extremely bad. You would be a damned racist ;-)

ELF-only is good enough for Linux 2.2. It is better than was expected.
Perl scripts will have to wait for Linux 2.4, with filesystem support.

>> Obviously it would refuse to honor them for non-suid-root
>> files but what about protecting from root? This works
>> against the division-of-root concept of capabilities.
>
> Yep, you've got back root with all its glory.

No, you never got rid of root with all its glory. You can get rid
of root after the filesystem supports POSIX capabilities.
Until then, this is a great hack. Would you rather have plain setuid?
It is good to be able to tag an existing binary for capability
reduction, do that on any filesystem, and have it work for Linux 2.2.
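The rules Cahalan lays out above (a capability tag inside the binary is only consulted when the real setuid bit is set and the file is owned by root; a nosuid mount switches the bit off; disabling root switches the whole feature off; an untagged setuid-root binary still gets everything) can be written down as a small decision procedure. The following is an added example, not code from this thread or from any kernel patch of the time: it models those rules over constructed `/proc/mounts`-style input, and `audit_path` applies the same logic to a real file on the host. The capability names in `ALL_CAPS` are an abbreviated, constructed list, not the kernel's full set.

```python
"""Model of the capability-tagging scheme discussed in the thread.

Added example (not the post's or the kernel's code). Assumptions: the
tag lives in the ELF binary, is honoured only for a root-owned file with
the real setuid bit on a filesystem not mounted nosuid, and the feature
as a whole is off when root is disabled.
"""
import os
import stat

# Constructed, abbreviated capability list (not the full kernel set).
ALL_CAPS = frozenset({
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE",
    "CAP_NET_RAW", "CAP_SETUID", "CAP_SYS_ADMIN",
})

# Constructed /proc/mounts-style sample: root normal, /home mounted nosuid.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
"""


def parse_mounts(text):
    """Turn /proc/mounts-style lines into (mountpoint, option set) pairs."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or blank line
        mounts.append((fields[1], frozenset(fields[3].split(","))))
    return mounts


def mount_options_for(path, mounts):
    """Options of the longest mount point that is a prefix of path."""
    best, best_opts = "", frozenset()
    for point, opts in mounts:
        prefix = point.rstrip("/") + "/"
        if (path == point or path.startswith(prefix)) and len(point) > len(best):
            best, best_opts = point, opts
    return best_opts


def setuid_honored(mode, owner_uid, mount_opts):
    """Only the real setuid-to-root bit counts, and nosuid turns it off."""
    return bool(mode & stat.S_ISUID) and owner_uid == 0 and "nosuid" not in mount_opts


def caps_at_exec(mode, owner_uid, mount_opts, tagged_caps=None, root_disabled=False):
    """Privilege gained at exec under the scheme in the thread.

    tagged_caps=None means an untagged binary: plain setuid root, i.e. the
    whole set. A tagged binary gets only its tag (restricted to known
    names). A tag on a file that is not setuid root is ignored, and with
    root disabled nothing is gained at all.
    """
    if root_disabled or not setuid_honored(mode, owner_uid, mount_opts):
        return frozenset()
    if tagged_caps is None:
        return ALL_CAPS
    return frozenset(tagged_caps) & ALL_CAPS


def audit_path(path, mounts_text=None):
    """Apply the same rules to a real file; reads /proc/mounts unless given."""
    if mounts_text is None:
        with open("/proc/mounts") as fh:
            mounts_text = fh.read()
    st = os.stat(path)
    opts = mount_options_for(os.path.realpath(path), parse_mounts(mounts_text))
    return {
        "setuid_root": setuid_honored(st.st_mode, st.st_uid, opts),
        "nosuid_mount": "nosuid" in opts,
        "caps_if_untagged": sorted(caps_at_exec(st.st_mode, st.st_uid, opts)),
    }


if __name__ == "__main__":
    mounts = parse_mounts(SAMPLE_MOUNTS)
    bin_opts = mount_options_for("/bin/ping", mounts)
    home_opts = mount_options_for("/home/user/ping", mounts)
    # Tagging an existing setuid-root binary reduces it from everything
    # to just CAP_NET_RAW; a copy carried in under /home gains nothing.
    print("untagged /bin:", sorted(caps_at_exec(0o4755, 0, bin_opts)))
    print("tagged   /bin:", sorted(caps_at_exec(0o4755, 0, bin_opts, {"CAP_NET_RAW"})))
    print("tagged  /home:", sorted(caps_at_exec(0o4755, 0, home_opts, {"CAP_NET_RAW"})))
```

The model makes the reduction argument concrete: the tag can only ever shrink what a setuid-root binary already had, and every path by which an attacker might supply a tag of their own (a non-setuid file, a file owned by a non-root user, a nosuid mount) evaluates to the empty set.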
