Re: caps in elf headers: use the sticky bit!

Horst von Brand (vonbrand@inf.utfsm.cl)
Mon, 12 Apr 1999 11:35:12 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Casey Schaufler: "Re: [PATCH] Capabilities, this time in elf section"
Previous message: G. Sumner Hayes: "Re: caps in elf, next itteration (the hack get's bigger)"
Maybe in reply to: David L. Parsley: "caps in elf headers: use the sticky bit!"

Al Lipscomb <arl@q7.net> said:
> Putting caps in the file system allows you to set programs to whatever
> caps you want, but what about granting a user special caps? For
> example you have an account that you want to be able to read any file in
> order to perform backups. You do not want to bless tar, cpio etc. You want
> the processes the user runs to have the power, no matter what they are.

Users don't have capabilities. What you hint at is the Unix tradition of
powerful (i.e., root) users. Capabilities don't work that way: There are
trusted programs that do whatever check they deem necesary and do certain
things that need enhanced privileges. Anybody (barring traditional Unix x
bits) can run them, if/what they do is up to them.

-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Casey Schaufler: "Re: [PATCH] Capabilities, this time in elf section"
Previous message: G. Sumner Hayes: "Re: caps in elf, next itteration (the hack get's bigger)"
Maybe in reply to: David L. Parsley: "caps in elf headers: use the sticky bit!"