> > I'm not entirely convinced. The thing with ELF notes is that they only
>
> > work with ELF. That may sound obvious, and it is, but it makes me
> wonder
> > whether it's the right way at all.
>
> Thats what I've said all along. Not to mention that the
> ELF header capabilities idea is probably insecure from the start. One
> wouldn't place the permission bits inside the file, ehh? So why
If those permission bits only _lower_ your priviledge, it is
completely ok to put permission bits into file.
> we place the capabilities, inside the file. For one thing, unless
> you really do some weird (and IMHO kludge) stuff, anyone who has
> the ability to modify the contents of the file also has the ability
> to modify the capabilities. I don't think that the kernel can
Yes, and I do not care they can do it: they can lower their
priviledges. They were free to do it anywy.
> They ALL provide filesystems that include the ability to store
> privileges
> (read capabilities).
I wonder what problems they have with tools like tar and nfs. Putting
capabilities into namespace is REALLY BIG change. And I can't see it
happening anytime soon.
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/