Re: Capabilities: ALPHA time

Y2K (y2k@y2ker.com)
Sun, 2 May 1999 10:13:37 -0700 (PDT)

On Fri, 30 Apr 1999, Pavel Machek wrote:
> Hi!
> Capabilities reached state where they are actually usefull. (I was
> able to lower permissions for programs like ping and rlogin). There
> are still some problems with headers (I include
> /usr/src/linux/include/linux/capability.h directly -- that's ugly),
> and there are problems with applications which do getuid() and then
> print failed - must be run as root when they actually do not need root
> at all (fping). Diff against kernel follows, and diff against
Flood pinging is a policy issue. We don't want just anybody flood ping so
it checks that the ruid is 0. May I ask exactly what went wrong with
"printing"?
> http://www.goop.org/~jeremy/elf-caps.html follows, too (Jeremy, please
> apply at least parts which look clean to you).
> PS: I'd like this "obviously right" patch go in as soon as possible
> [well perhaps modulo "FLE" ugliness and modulo one printk], so please
> take a carefull look.
Your patch doesn't handle notes of different types if I'm reading it
correctly and it must be first note . I'll look into how the elf stuff
works closer and what kinds of information and sanity checks we can do so
that the kmalloc isn't a DoS problem. I'll relook into both versions of
the elfcap note finder stuff. It's definately 2.3ish though.

--
Any caps I mention are *derived* from a withdrawn draft posix document.
I've finally "unsoiled" myself;->




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/