MY GOD, the Linux-Kernel list has become self aware!!!
> Setuid/setgid technology is an old technology belonging to the
>70's.
>It was pretty confortable at that time but now it's not really actual
>and
>it's more like a pain in the system. It would be possible to replace
>this
>with 'something' - you decide what - in kernel land with something
>really
>secure. It's near year 2000 now. I would love to see Linux get rid of
>this
>kind of ballast.
Won't be getting rid of it without a lot of work. Capabilities are
already supported in 2.1.x, these provide much better isolation of
power than setuid/setgid. However, all setuid root software needs
to be recoded to use caps, and to use them safely. While that is
being done, maybe buffer overflows could be fixed too. Hint - recompile libc so that strcpy, (v)sprintf, gets, and friends become _strcpy, etc.
Then try to rebuild your source tree.
Zachary Amsden
amsden@andrew.cmu.edu
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html