> I was discussing this with a friend over the weekend, and one mechanism
> which might work is to have two new character special major devices, one
> for udp sockets and one for tcp.
Something similar (IMHO) was suggested with SockFS[1], and another
developer wrote to me that he wanted to implement bind() as an open() internally
in libc, which would not require modifications to existing software.
It appears to me that fine-grained access control is currently not solved
with capabilities. For example, I think of applications I would not trust
to use CAP_SETUID to change to UIDs < 1024 (a similar case as for sockets). We
could introduce new capabilities for that, but soon the 128 bits will get
exhausted.
To have "ACL escorted capabilities" would be the general solution and would
preserve compatibility with POSIX. But I cannot think of a general ACL
parsing suitable for the kernel. Maybe this is why POSIX 1.e uses
a 128-bit-wide mask.
-Winfried
References:
[1]: http://www.progressive-comp.com/Lists/?l=linux-kernel&s=sockfs
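As an added illustration (not part of the mail above, and not kernel code), the following toy model contrasts the two designs the message discusses: a flat capability bitmask, which can only say "may call setuid()" or "may bind a privileged port" all-or-nothing, and a hypothetical "ACL escorted" grant that carries its own constraint over the syscall argument. The grant structure, the `escorted_permits` check and the 1024/port-set constraints are assumptions made up for this example; the capability bit numbers follow linux/capability.h.

```python
"""Toy model: flat capability mask versus a capability escorted by a constraint.

Hypothetical illustration only. A flat mask answers "does the task hold
CAP_X?"; an escorted grant additionally asks "is CAP_X allowed for *this*
argument?" (target UID, port number, ...), which is the fine-grained control
the mail says flat capabilities cannot express.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

# Bit numbers as defined in linux/capability.h
CAP_SETUID = 7
CAP_NET_BIND_SERVICE = 10
CAP_MASK_BITS = 128  # width of the mask the mail refers to


def flat_grant(caps: Iterable[int]) -> int:
    """Build a flat capability mask; one bit per capability, nothing else."""
    mask = 0
    for cap in caps:
        if not 0 <= cap < CAP_MASK_BITS:
            raise ValueError(f"capability bit {cap} does not fit in {CAP_MASK_BITS} bits")
        mask |= 1 << cap
    return mask


def flat_permits(mask: int, cap: int, _arg: int = 0) -> bool:
    """Flat check: the syscall argument is irrelevant, the bit decides."""
    return bool((mask >> cap) & 1)


@dataclass
class EscortedGrant:
    """Hypothetical capability grant that carries a constraint (the 'ACL')."""
    cap: int
    allowed: Callable[[int], bool]  # predicate over the syscall argument


def escorted_permits(grants: List[EscortedGrant], cap: int, arg: int) -> bool:
    """Escorted check: some grant for `cap` must accept the concrete argument."""
    return any(g.cap == cap and g.allowed(arg) for g in grants)


def uid_at_least(floor: int) -> Callable[[int], bool]:
    """Constraint: setuid() may only target UIDs >= floor (e.g. 1024)."""
    return lambda uid: uid >= floor


def port_in(ports: Iterable[int]) -> Callable[[int], bool]:
    """Constraint: bind() may only use the listed privileged ports."""
    allowed = frozenset(ports)
    return lambda port: port in allowed


def compare() -> Dict[str, bool]:
    """Run both models on the same requests and return the decisions."""
    flat = flat_grant([CAP_SETUID, CAP_NET_BIND_SERVICE])
    escorted = [
        EscortedGrant(CAP_SETUID, uid_at_least(1024)),
        EscortedGrant(CAP_NET_BIND_SERVICE, port_in({80, 443})),
    ]
    return {
        # flat mask: holding CAP_SETUID allows a change to UID 0 as well
        "flat_setuid_0": flat_permits(flat, CAP_SETUID, 0),
        "escorted_setuid_0": escorted_permits(escorted, CAP_SETUID, 0),
        "escorted_setuid_1024": escorted_permits(escorted, CAP_SETUID, 1024),
        # flat mask: holding CAP_NET_BIND_SERVICE allows any port < 1024
        "flat_bind_22": flat_permits(flat, CAP_NET_BIND_SERVICE, 22),
        "escorted_bind_22": escorted_permits(escorted, CAP_NET_BIND_SERVICE, 22),
        "escorted_bind_443": escorted_permits(escorted, CAP_NET_BIND_SERVICE, 443),
    }


if __name__ == "__main__":
    for name, decision in compare().items():
        print(f"{name:22s} -> {'allow' if decision else 'deny'}")
```

The model also shows why the mail worries about the mask width: every new "CAP_SETUID but only above 1024"-style distinction costs a bit in the flat design, while the escorted design keeps one bit per capability and moves the distinction into the constraint.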
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu