Re: caps in elf headers: use the sticky bit!

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: linux phreak: "scanner support in which kernel"
• Previous message: Larry McVoy: "Fun topic: name that branch!"
• In reply to: Horst von Brand: "Re: caps in elf headers: use the sticky bit!"
• Next in thread: Horst von Brand: "Re: caps in elf headers: use the sticky bit!"

I wonder if you could have a daemon (capsd?) that could hand out the caps
afer a call. By convention programs would make a call to the daemon and if
required obtain the required powers.

In a very simple example you would have a file called /etc/caps.conf that
would have the user/file information:

#user:file:caps
root:*:*
backup:/bin/tar:READ_ALL,BACKUP,RESTORE
joe:*:SECURITY

root would be all powerful. backup could poke around and such. joe could
create users, set passwords and other things of that nature.

A simple way to invoke the caps would be to say:

/sbin/caps /bin/tar

Later on, programs that needed it could be rewritted (or a patch to the
libraries made) to call capsd at startup.

Standard backups work and since a program moved from host x to host y
would not have any special powers due to whats in its header.A

Just a thought.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: linux phreak: "scanner support in which kernel"
• Previous message: Larry McVoy: "Fun topic: name that branch!"
• In reply to: Horst von Brand: "Re: caps in elf headers: use the sticky bit!"
• Next in thread: Horst von Brand: "Re: caps in elf headers: use the sticky bit!"