Re: minimum capabilities?

Nix (nix@esperi.demon.co.uk)
18 Apr 1999 00:35:18 +0100


"Albert D. Cahalan" <acahalan@cs.uml.edu> writes:

> Nix writes:
> > Horst von Brand <vonbrand@sleipnir.valparaiso.cl> writes:
> >> "Albert D. Cahalan" <acahalan@cs.uml.edu> said:
>
> >>> Execution should fail when the new capabilities (after calculation) are
> >>> not enough to do everything the executable needs to do. If execution
> >>> can proceed, the user has selective control over system call failures.
> >>
> >> Ever heard of a chap called Alan Turing?
> >
> > It's more than the halting problem; to do what Albert suggested in the
> > general case would require a solution to the halting problem *and* a
> > functioning time machine.
>
> What the hell? I mark the executable with what it needs:
>
> $ mark-min-cap a.out CAP_CHOWN CAP_NET_ADMIN

Ah. I thought you were implying that the kernel would analyze the binary to
work out what the executable needs to do. Not quite sure why I thought that,
looking back at the original post...

... I plead insomnia.

-- 
`The purpose of a windowing system is to put some amusing
 fluff around your one almighty emacs window.' -- Mark on gnu.emacs.help

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/