> Date: Fri, 16 Apr 1999 11:44:35 -0400 (EDT)
> From: "David L. Parsley (lkml account)" <kparse@salem.k12.va.us>
>
> Ok, I agree completely with this; I don't see any good use for fE, it
> really doesn't enhance security; if someone can explain to me why it
> might, I'd be interested (Ted?)
>
> fE is the rough equivalent of the setuid bit, except it's broken out by
> capabilities. You still need it, because a non-privileged user may need
> to execute a binary which has some privileges, but which does its own
> access controls and authorization checks before doing some privileged
> operation on behalf of the user. So fE is still absolutely needed.
> Most of the programs which are setuid root today would have some kind of
> non-zero fE mask.
OK, I had to give this some thought, but I can certainly see it's
usefulness (and don't want to take away flexibility); though I still say
that for a cracker, the effective set is a non-issue. Feel free to stomp
on this, but would you consider the addition of an fM to mask out further
inheritance? (the whole 'inheritance' thing, while being very useful, is
also very powerful and carries some serious security implications)
What of my suggestion for compatibilty of the new cap-enable bit?
cheers,
David
- --
David L. Parsley
Network Specialist
City of Salem Schools
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/