Re: Capabilities under Linux

Andrej Presern (andrejp@luz.fe.uni-lj.si)
Wed, 21 Apr 1999 14:59:31 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrej Presern: "Re: caps in elf, next itteration (the hack get's bigger)"
Previous message: Martijn van Oosterhout: "Re: Wierd IDE configuration"
Maybe in reply to: Riley Williams: "Capabilities under Linux"
Next in thread: Horst von Brand: "Re: Capabilities under Linux"

On Tue, 20 Apr 1999, Riley Williams wrote:
>As I made clear from the start, I believe that the ONLY security
>related capabilities that should be encoded in a file are those of the
>"I can't action my intended task without these capabilities, so refuse
>to run me if I can't be granted them" variety, which information MUST
>belong in the file itself - it makes no sense at all to put it
>anywhere else.
>
>An example of this is the one I posted earlier, which you clearly
>didn't bother to read through before you rubbished it: A binary stored
>in ELF format effectively includes in its header the statement "I can
>only be run on a system with the ability to load binaries stored in
>ELF format, so refuse to run me if you can't do so". Likewise, a HTML
>document file effectively includes within the file the statement "I
>can only achieve my intended task when read by something that knows
>how to handle documents in HTML format". OK, both are simple
>capabilities that shouldn't need expressing, but I'm sure you can soon
>come up with plenty of more complex ones.
>
>One that comes to mind would be to have a capability that says "I can
>only action my task if run in an environment supporting an X display",
>and attach that capability to programs like Netscape or Xearth. The
>ONLY place that particular capability could sensibly be stored is in
>the file itself, and I for one would see NO problem with it being
>copied from one system to another - irrespective of the system one
>tries to run it on, the capability will remain true.

A+

(would you believe that I actually resubscribed to the list after I read your
mail yesterday and now I even decided to post the already written answers that
I previously didn't feel were worth posting at all - see the beginning of the
second paragraph of the quote of your posting for reasoning...)

Andrej

-- Andrej Presern, andrejp@luz.fe.uni-lj.si

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrej Presern: "Re: caps in elf, next itteration (the hack get's bigger)"
Previous message: Martijn van Oosterhout: "Re: Wierd IDE configuration"
Maybe in reply to: Riley Williams: "Capabilities under Linux"
Next in thread: Horst von Brand: "Re: Capabilities under Linux"