Followup to: <20020317121118.A18548@glacier.arctrix.com>
By author: Neil Schemenauer <nas@python.ca>
In newsgroup: linux.dev.kernel
>
> I've written a small module¹ that enables the use of Linux capabilities
> on filesystems that do not support them. It is similar in spirit to ELF
> capabilities hack² but is not specific to the ELF executable format and
> is implemented as a separate kernel module.
>
> To grant capabilities to an executable, a small wrapper file is created
> that includes the path to an executable followed by a capability set
> written in hexadecimal. When this file is executed by the kernel, the
> executable is granted the specified capabilities. The wrapper file must
> be owned by root and have the SUID bit set.
>
> For example, to remove the SUID bit on the ping program while retaining
> its functionality:
>
> # chmod -s /bin/ping
> # mv /bin/ping /bin/ping_real
> # echo '&/bin/ping_real 2000' > /bin/ping
> # chmod +xs /bin/ping
>
Why not just do this with a small program if you're doing setuid
anyway?
-hpa
--
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt <amsp@zytor.com>
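
The wrapper format from the quoted post, decoded for auditing; this is an added example, not part of either message and not the module's code. It assumes the layout seen in `&/bin/ping_real 2000` (leading `&`, absolute path, one space, hex mask) and that mask bits follow the numbering in `<linux/capability.h>`; `parse_wrapper` and `cap_name` are hypothetical names.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bits 0..13, numbered as in <linux/capability.h>. */
static const char *cap_names[] = {
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW",
};

/* Name for a capability bit, or "unnamed" for bits this table does not list. */
const char *cap_name(unsigned bit)
{
    return bit < sizeof cap_names / sizeof cap_names[0] ? cap_names[bit] : "unnamed";
}

/* Parse "&<absolute path> <hex mask>" (assumed layout); 0 on success, -1 if malformed. */
int parse_wrapper(const char *line, char *path, size_t pathlen, unsigned long *caps)
{
    const char *sp = strchr(line, ' ');
    char *end;
    if (line[0] != '&' || line[1] != '/' || !sp || !isxdigit((unsigned char)sp[1]))
        return -1;                      /* wrong marker, relative path, or no mask */
    size_t len = (size_t)(sp - line - 1);
    errno = 0;
    unsigned long v = strtoul(sp + 1, &end, 16);
    if (len >= pathlen || errno == ERANGE || v > 0xFFFFFFFFUL || (*end && *end != '\n'))
        return -1;                      /* path too long, overflow, or trailing text */
    memcpy(path, line + 1, len);
    path[len] = '\0';
    *caps = v;
    return 0;
}

int main(void)
{
    char path[256];
    unsigned long caps;
    if (parse_wrapper("&/bin/ping_real 2000\n", path, sizeof path, &caps))
        return 1;                       /* input is the post's wrapper line */
    printf("%s is granted 0x%lx:\n", path, caps);
    for (unsigned bit = 0; bit < 32; bit++)
        if (caps & (1UL << bit))
            printf("  bit %u %s\n", bit, cap_name(bit));
    return 0;
}
```

For the post's example, the mask `2000` is bit 13, `CAP_NET_RAW`, the capability ping needs to open its raw socket.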
This archive was generated by hypermail 2b29 : Sat Mar 23 2002 - 22:00:14 EST