Re: [PATCH] Capabilities, this time in elf section

Albert D. Cahalan (acahalan@cs.uml.edu)
Thu, 15 Apr 1999 21:26:24 -0400 (EDT)


brandon s. allbery writes:

> But what of AFS (or, if you prefer, Arla)? It has even less support
> for Unix file metadata... but it *does* have security, both for
> authentication and data (at least in theory for data, by setting
> the Rx RPC layer to do encrypted transfers). It is reasonable to
> expect binaries from an AFS directory that only allows administrators
> write access to be secure... but the metadata is worthless for
> identifying such. (Even the setuid bit has only spotty support.)

AFS has several extra bits that could be used. How about the F bit?

I'm really starting to think that the trust indicator bit should
be determined by filesystem type and/or mount option. For NFS,
the setuid bit indicates trust. For AFS, you can use the F bit.
For vfat :-) you have the system bit.

One could even have a VFS function to ask about trust.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/