> > > No it is not. You can still make interpretter suid root, and
> > > interpretter will have to look if script is marked, and in such case
> > > interpretter will have to interpret 'capability headers' in the
> > > script. (You can use your #! idea if you want.) But suid interpretter
> > > will be the one who parses capabilities.
>
> > Yes, you are correct; the interpreter should just get a (mostly) full cap
> > set and parse the caps itself. Mine was a hairbrained idea, but at least
> > it generated a better one. ;-)
>
> It _is_ harebrained: You want to make the system secure by auditing each
> capable piece of software (at least those with dangerous capabilities,
> however defined), and for stuff like the Perl interpreter this is hopeless,
> or at least makes the whole exercise pointless.
Not true, you only need to audit small loader part.
> And again, what is going to stop me from faking capabilities in the script
> when I write it?
s-bit being dropped as soon as you write to executable. (Or I do not
understand what you mean by faking capabilities.) [We already have
suid perl programs - is something wrong with them?]
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/