Re: ext3 to include capabilities?

David Lang (dlang@diginsite.com)
Tue, 13 Apr 1999 00:01:13 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Neil Thompson: "Re: Fun topic: name that branch!"
Previous message: Jim Woodward: "Linux and AIX 3.2 filesystems?"

-----BEGIN PGP SIGNED MESSAGE-----

On 12 Apr 1999, Eric W. Biederman wrote:

>
> DL> 2. using one of the many other methods mentioned things would break,
> DL> potentially in ways that prevent you from even being ablt to shutdown the
> DL> system (think of shutdown and reboot with capablities set, you could not
> DL> run them)
>
> No. On an old kernel root would still be able to run anything.
> Though perhaps only root could do things other users could do in a capability
> enhanced system.
>
> Futhermore if you adopted the convention that
> a) all enhanced capability binaries must reside on an ext2 partition
> b) all enhanced capability binaries would also have the immutable flag set.
> c) you ran 'find / -perm -01000 | xargs chmod -t' before going to multi
> user mode there would be no security holes.
>
> This relies on the fact that
> 1) only root can set the ext2 immutable flag in a non capabilities system.
> 2) even for root chmod -t won't work without clearning the immutable flag first.
>
>

If some of the suggestions that I have seen posted (change ELF to FLE for
the sig for example) would not have this capability, and you are still
faced with the problems of shared filesystems (I am not talking about the
use of capability bits in the ELF header for this I am referig to the
alternatives I have seen posted.)

DAvid Lang

"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQEVAwUBNxLruz7msCGEppcbAQFmYgf+MaVRrvxQ0iAGr3W4AS7OQMiD9r2fM9SV
E2XyvEvWw2g3YzcQJwAjDlGhiQurf+awdFMJcPXqVeyfSaFCD3KyMW+Ykfn4NHp5
TYwspgG4Q+Pm2+v2fFA1fr87bkbksdYCilxX3rsB61XNxtqnZmobuKxe4PSq6gkn
QVqr1XtRgvpzB+EBCWuCnKa0Ik2iO+Z+48nkM12uwsH3SJU2n8me0MMrr+zp4l+1
vLhjR5Pu22iKypxdEJkfQ7tI1oF42DijKkE1ZX1VYmavTY6YNLAyN4L6WQ7/jhND
Fpl5eOAH403KEVrbDuDZ7CTufF5dm5g7+GkQTRO9yLb9Lopnf8Dw0Q==
=pX6r
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Neil Thompson: "Re: Fun topic: name that branch!"
Previous message: Jim Woodward: "Linux and AIX 3.2 filesystems?"