Re: Capabilities in fs vs. exe

Pavel Machek (pavel@bug.ucw.cz)
Sat, 17 Apr 1999 16:15:59 +0200


Hi!

> Given that I don't know much about capabilites systems, feel free to flame
> me if this is stupid, but it sounds like this would work:
>
> Put capability sets in both ELF headers and, optionally in FS metadata.
>
> Capabilities in ELF headers are "negative capabilites" -- they can only
> subtract from a processes' capability.

...but this is exactly what I'm proposing here! I've even presented a
code! ;-)

> I am interested in hearing any realistic situations this can't handle. It
> seems that it avoids overloading the sticky bit *and* the suid bit for the
> most part, while allowing reasonably good security without a capability aware
> FS, yet allows the associated flexibility if such support is present.

Pavel

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/