OK, I missed that.
Second try:
1. Use the sticky bit
2. Set the immutable bit if available
3. Allow a mount option so that the sticky/caps bit is only honored if the
executable is also suid 0.
Use 3. if you can't trust the sticky bit alone.
A side effect of 3.:
In contrast to the pure suid 0 solution, 3. allows the suid bit to keep it's
old meaning, as long as the sticky bit is not set. This allows suid
functionality without putting the uid + suid-bit into the file content. If
both suid and raising caps are required by an executable, just use a wrapper:
-rwsr-xr-t root root wrapper
-rwsr-sr-x new_uid new_gid orig_executable
(wrapper raises some caps and exec's orig_executable.)
Ulrich Schmid
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/