> > Better way:
>
> Not really
>
> > 1. Put capabilities information in the executable header.
> > 2. Mark the executable setuid root.
> > 3. Have the kernel check for #1 if #2, and prefer #1 if present.
>
> That confuses everyones security scripts. It makes the binary run as root
> on an older system, so if you downgrade you get a massive security hole
It confuses them "right way".
Old security scripts program has root privileges. It is wrong, it has
only subset. But it is wrong _the right way_. Old scripts still see
the "bad scenario".
About massive security holes: I don't agree. With this solution, what
would I do? Took sendmail, and few other, normally suid 0 programs,
and lowered their privileges. With new kernels, I would have better
protection, and with old kernels, I would have current situation.
It is no-loose situation.
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/