Re: Caps in elf: discussion stopper [was Re: caps in elf headers: use the sticky bit!]

Pavel Machek (
Wed, 21 Apr 1999 21:19:04 +0200


> So this would be a very simple model where you just have a setuid root
> program, and it could simply drop some or all of its
> privileges/capabilities at any point in its execution --- perhaps at the
> beginning, perhaps later on in the execution of the program, etc. It's
> more flexible and simpler than the setuid-root-and-use-ELF approach.

Reading elf sections is trivial (take a look :-). Advantage of reading
elf sections is that you can ask "what capabilities does program XYZ
use?". I think that is pretty essential (along with ability to say:
"force program XYZ to use capability CAP_NET_RAW only).


I'm really 	   Pavel
Look at ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at