> Given that I don't know much about capabilites systems, feel free to flame
> me if this is stupid, but it sounds like this would work:
>
> Put capability sets in both ELF headers and, optionally in FS metadata.
>
> Capabilities in ELF headers are "negative capabilites" -- they can only
> subtract from a processes' capability.
...but this is exactly what I'm proposing here! I've even presented a
code! ;-)
> I am interested in hearing any realistic situations this can't handle. It
> seems that it avoids overloading the sticky bit *and* the suid bit for the
> most part, while allowing reasonably good security without a capability aware
> FS, yet allows the associated flexibility if such support is present.
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/