maybe this could be a compromise between the suid0/sticky solutions:
Advantage of suid 0:
If the fs is used by an old kernel or another OS, only root can
create/modify executables with caps, this prevents a security hole.
Advantage of sticky bit:
The suid settings used by an old kernel can be configured independent
from the caps settings used by a new kernel.
To take the best of both I would like to suggest:
1. Use the sticky bit
2. Allow a mount option so that the sticky/caps bit is only honored if
the executable is owned by root and writable only by root.
This would allow the _sysadmin_ to decide if it is appropriate to get ride
of the special meaning of UID 0.
A caps-purist in a homogeneous environment could allow the sticky/caps bit
used independent of an UID.
A pragmatic person in a heterogeneous environment could restrict the
caps-functionality in shared filesystems to files owned by UID 0.
Comments?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/