>> You gain so little (nothing?) over an executable header, and you lose
>> so much compatibility. You waste inode space and risk having buggy
>> filesystem code.
>>
>> Better way:
>>
>> 1. Put capabilities information in the executable header.
>> 2. Mark the executable setuid root.
>> 3. Have the kernel check for #1 if #2, and prefer #1 if present.
>
> What if I make a new executable and make its header say it implies
> CAP_whatever? Probaly I have looked over something...
You overlooked the step 2 requirement, as many people do.
The kernel would ignore your header if the executable is not marked
setuid root. If you can mark the executable setuid root, then you have
already cracked root anyway -- why not "emacs /etc/passwd" instead?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/