Re: inheritable set [was Re: caps in elf headers: use the sticky

Oliver Xymoron (oxymoron@waste.org)
Sat, 17 Apr 1999 21:20:07 -0500 (CDT)


On Sat, 17 Apr 1999, Alexander Viro wrote:

> You don't need *anything* special for that. You don't need
> capabilities - file descriptor of the directory will work just fine. Let
> the daemon pass it to applications via SCM_RIGHTS (after proper
> authentication, indeed) and call fchdir() in the application. Make the
> directory inaccessible to anybody except the daemon (no exec for group
> and world on parent) and there you go. You'll need to protect the thing
> from reaching it via /proc/* - not a big deal.

This requires you to have a long-running daemon. If the MTA dies or gets
DOSed, then not only does mail stop getting moved, it stops getting queued
as well. Unacceptable.

--
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/