> > > > 1. Put capabilities information in the executable header.
> > > > 2. Mark the executable setuid root.
> > > > 3. Have the kernel check for #1 if #2, and prefer #1 if present.
>
> > Old security scripts program has root privileges. It is wrong, it has
> > only subset. But it is wrong _the right way_. Old scripts still see
> > the "bad scenario".
>
> > It is no-loose situation.
>
> It's a no-lose situation until you start using the new features to add
> privileges which weren't there in the first place.
Don't do it, then :-).
No, bad argument. Ok, so you want executable that does not work with
old kernel. But that is easy! Invent incompatible extension to
elf. And now, watch:
2.0.x kernel sees suid executable with broken header. It refuses to
load it.
6.7.x kernel sees suid executable with new header and capabilities
header. It loads it, sees header, and runs it with right capabilities.
I hear you asking: why do you want new header, when
set_capabilities(...) near enough in main() is good enough?
That's easy. I want lscap command to be able to tell me what
capabilities command uses.
Pavel
PS: And now, questions: Does anyone see a possibility how to add
suitable information into _existing_ elf executable?
I'd like to be able
#setcap /bin/ping CAP_RAWSOCK
without need to recompile ping. It is not essential feature. Still it
would be nice.
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/