RFC: Security feature: partly prohibit process uid-changing

Ph. Marek (marek@bmlv.gv.at)
Tue, 23 Feb 1999 11:59:45 +0100


How about implementing a new field in the process structure, which gives
the SMALLEST possible uid for this process? The standard would be 0, but it could
be raised by all|root to any other value; maybe root could want to lower it too.

That would primarily be used in servers, where e.g. after a setreuid() the
uid should NEVER AGAIN become 0 (chroot() environments). This flag would be
given to the children too.
That should prohibit use of SETUID programs too ...

The standard cases would be 0 (normal usage) and 1 (no root anymore), maybe
100 (no daemon uids).
We would need a syscall for that and preferably an entry like
/proc/*/security.

I think that something like that wouldn't be much work - I volunteer for
that, although I don't have much knowledge of kernel hacking. But if someone
looks at my piece of code, I'd write it.

Comments? Is that A Right Thing To Do?

Phil

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
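A user-space model of the proposed semantics, as an added example that is not part of the original post or of any kernel code: the struct, the function names and the uid values 1, 99 and 100 are constructed for illustration. It applies the floor check to setuid(), to fork() inheritance and to exec of a setuid binary, reading "prohibit use of SETUID programs" as refusing such an exec.

```c
#include <errno.h>
#include <sys/types.h>

/* Hypothetical model of the proposed per-process field; not kernel code. */
struct task_model {
    uid_t uid;      /* current (effective) uid */
    uid_t min_uid;  /* smallest uid this process may ever hold again */
};

/* Proposed syscall: anyone may raise the floor, only root may lower it. */
int model_set_min_uid(struct task_model *t, uid_t new_min) {
    if (new_min < t->min_uid && t->uid != 0)
        return -EPERM;
    t->min_uid = new_min;
    return 0;
}

/* setuid()/setreuid(): ordinary permission checks omitted, only the
 * new floor check is modelled. */
int model_setuid(struct task_model *t, uid_t target) {
    if (target < t->min_uid)
        return -EPERM;
    t->uid = target;
    return 0;
}

/* exec of a setuid binary: refused when the file owner lies below the floor. */
int model_exec_setuid(struct task_model *t, uid_t file_owner) {
    if (file_owner < t->min_uid)
        return -EPERM;
    t->uid = file_owner;
    return 0;
}

/* Daemon life cycle from the post. Returns 0 if every step behaves as
 * proposed, otherwise the number of the first step that does not. */
int daemon_scenario(void) {
    struct task_model d = { 0, 0 };                    /* started as root */
    if (model_set_min_uid(&d, 1) != 0)      return 1;  /* "no root anymore" */
    if (model_setuid(&d, 99) != 0)          return 2;  /* drop privileges */
    if (model_setuid(&d, 0) != -EPERM)      return 3;  /* never uid 0 again */
    if (model_set_min_uid(&d, 0) != -EPERM) return 4;  /* non-root cannot lower */
    struct task_model c = d;                           /* fork(): child inherits */
    if (c.min_uid != 1)                     return 5;  /* floor survives the fork */
    if (model_exec_setuid(&c, 0) != -EPERM) return 6;  /* setuid-root exec refused */
    if (model_setuid(&c, 100) != 0)         return 7;  /* other uid changes still fine */
    return 0;
}
```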