Re: Subject: Re: ext3 to include capabilities?

Ernest JW ter Kuile (terkuile@KVI.nl)
Sat, 03 Apr 1999 23:11:39 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: FAVRE =?iso-8859-1?Q?Gr=E9goire?=: "Re: 2.2.5ac3 error in compiling modules (gcc 2.8.1) ???"
Previous message: Carrer yuri: "2.0.31: strange udp and xtacacs problem..."

This is a multi-part message in MIME format.

--Boundary_(ID_BuaIzIiHJkMbYToN7LDGOQ)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT

"Albert D. Cahalan" wrote:
>
> G. Sumner Hayes writes:
> > Albert Cahalan <acahalan@cs.uml.edu> wrote:
>
> >> 1. Put capabilities information in the executable header.
> >> 2. Mark the executable setuid root.
> >> 3. Have the kernel check for #1 if #2, and prefer #1 if present.
> >
> > Of course, you've completely busted up security.
>
> Nope, think about the system a bit more. It isn't so stupid.
>
> if(setuid){
> if(root_owned && cap_header) use_cap_header();
> else use_setuid_bit();
> }
>

But why only use user 'root'.

In my understanding with the capabilities sheme, any user could receive
specifique (permanent/or not) privs from the apropriate sysadmin. these
privs will be stored somewhere on the system (probably not in passwd,
but
like shadow passwords, in a separate safe file).

allow suid to any user when checking for the capabilities of the file,
but
check if that user is allowed that capability.

now make an apropriate 'super exec virtual user' with any uid, and
give him all privs you allow on you suid executables.

now for the next several years until all systems have cached up with
this
sheme, this 'super exec virtual user' will probably be root. however
later
you can try to reduce this users capabilities.

Comments ?

Ernest

------------------------------------ |\ _,,,--,,_ ,) ----------
Ernest ter Kuile /,.-'' -, ;-;;'
(xx31) 50 3633545 |,4- ) )-,_ ) /\
terkuile@KVI.nl ------------------ '---''(_/--' (_/-' ---------------
Drawing shamelessly stolen from an other .sig

--Boundary_(ID_BuaIzIiHJkMbYToN7LDGOQ)
Content-type: text/x-vcard; name=terkuile.vcf; charset=us-ascii
Content-description: Card for Ernest JW ter Kuile
Content-disposition: attachment; filename=terkuile.vcf
Content-transfer-encoding: 7BIT

begin:vcard
n:ter Kuile;Ernest
tel;fax:(xx31) (0)50 363 4003
tel;work:(xx31) (0)50 363 3545
x-mozilla-html:FALSE
org:Kernfysisch Versneller Instituut (RuG);SoftwareHouse
adr:;;;Groningen;Groningen;;The Netherlands
version:2.1
email;internet:terkuile@KVI.nl
x-mozilla-cpt:;-12128
fn:Ernest ter Kuile
end:vcard

--Boundary_(ID_BuaIzIiHJkMbYToN7LDGOQ)--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: FAVRE =?iso-8859-1?Q?Gr=E9goire?=: "Re: 2.2.5ac3 error in compiling modules (gcc 2.8.1) ???"
Previous message: Carrer yuri: "2.0.31: strange udp and xtacacs problem..."