Re: Capabilities done right [diff against 2.3.1]

Jeremy Fitzhardinge (jeremy@goop.org)
Tue, 18 May 1999 13:48:56 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jason Stone: "Re: 2.3.x wish list"
Previous message: Matthew Kirkwood: "Re: send_sigio() scalability"

On 18-May-99 Theodore Y. Ts'o wrote:
> So why not simply put the code which drops the privileges in a
> constructor which is engineered to be run first? If the way that
> constructor is setup uses a stylized code can be easily found by a
> setcap or checkcap program (i.e., give the constructor a standard name,
> and store the capability restriction in a standard variable referenced
> by the constructor), then you can get the ability to query/set the
> capabilities, but it's done in such a way which doesn't require any
> special kernel hacks to enable the feature.

Making the constructor come first would be awkward. You could do it at link
time if you can be certain the appropriate .o file comes first, but that's not
likely. You could reorder the ctors after linking, but only if you can
identify the right one to move, which sounds hard. Or you could make up a
special .ctor section (.ctor.caps) and change the linker script to merge it
into the ctors as the very first entry.

Setting it up so that an external program can list/change the data is pretty
easy - you just make up an ELF section for it, and store it there.

The downside of this scheme is that its pretty much impossible to apply to
existing executables, so you have to recompile. For most people, its easier to
recompile and replace the kernel than recompile and replace everything else.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jason Stone: "Re: 2.3.x wish list"
Previous message: Matthew Kirkwood: "Re: send_sigio() scalability"